On Sat, 3 Sep 2005, Julian Mehnle wrote:
Since simply conforming to RFC HELO requirements (FQDN that resolves to
connect IP) is a reasonable authentication.
Actually only EHLO is required to be a valid FQDN, HELO isn't. Read RFC
2821 carefully.
Thanks for that tip! I will now test whether rejecting on invalid
EHLO is a reasonable policy. I can then add a header to reflect
HELO/EHLO status to give bayesian stats another token to chew on.
(Anyone seen such a header already? I would like to copy existing
practice if possible, otherwise I'll make one up.)
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com