On Tue, Sep 06, 2005 at 01:34:46PM -0500, Seth Goodman wrote:
> That's exactly what I'm suggesting. What is the point of a requirement for
> an SMTP client to give its FQDN to an SMTP server while forbidding the
> server from rejecting the connection when the FQDN and IP do not match?
> While you could provide a partial fix for this by listing _all_ the FQDNs
> for the machine under _every_ IP in the reverse DNS zone, that does not
> reliably solve the problem. Anyone with control over their rDNS zone could
> list your hostname under their IP and masquerade as your domain. That's why
> some systems ignore the RFCs and REQUIRE forward and reverse DNS to match.
> Saying that SPF can resolve this problem easily is beside the point.
> RFC2821 was not written with SPF in mind to close the holes.
>
> I repeat the question concerning 2821: why REQUIRE SMTP clients to give a
> valid FQDN (ignoring address literals, for the moment) and then say SMTP
> servers MUST NOT deny connections when the A record doesn't match? That's
> like passing a law with two provisions: 1) forgery is illegal and 2) no
> governmental entity may prosecute anyone for forgery. Unless I am missing
> something, the two provisions appear contradictory and make it essentially
> useless. Legitimate mailers will give you their correct FQDN, spammers will
> not, and you MUST accept both. Why bother checking if you can't reject?
Seth,
I have been asking myself similar questions. I came across this:
http://article.gmane.org/gmane.ietf.mxcomp/2707/match=apnic
which may be of some interest.
Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall
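As an added illustration (not part of either message), here is the forward-confirmed reverse DNS check Seth describes, run over a constructed lookup table instead of live DNS. The addresses and names are constructed documentation values; the result is a summary for the receiving MTA's own policy, not a rejection decision.

```python
from ipaddress import ip_address

# Constructed records (RFC 5737 addresses, RFC 2606 names); not real DNS.
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.net"],    # legitimate MTA
    "198.51.100.7": ["mail.example.net"],  # foreign rDNS zone claiming the same name
    "203.0.113.5": [],                     # no reverse entry at all
}
A_RECORDS = {
    "mail.example.net": ["192.0.2.10"],
}

def ptr_lookup(ip):
    """Reverse lookup: whatever the owner of ip's reverse zone chose to publish."""
    return PTR_RECORDS.get(str(ip_address(ip)), [])

def a_lookup(name):
    """Forward lookup: addresses published by the owner of the name's zone."""
    return A_RECORDS.get(name.lower().rstrip("."), [])

def confirmed_names(ip):
    """PTR names whose forward A records lead back to ip (forward-confirmed rDNS).

    A PTR alone is controlled by whoever runs the reverse zone; the forward
    answer comes from the owner of the name, so both must agree.
    """
    return [n for n in ptr_lookup(ip) if ip in a_lookup(n)]

def check_client(ip, ehlo_name):
    """Summarise what a receiving MTA can learn about a connecting client.

    The operator's policy decides what to do with the result; RFC 2821 says
    an EHLO/A mismatch by itself MUST NOT cause the connection to be refused.
    """
    names = ptr_lookup(ip)
    confirmed = confirmed_names(ip)
    if not names:
        rdns = "none"
    elif confirmed:
        rdns = "forward-confirmed"
    else:
        rdns = "unconfirmed"  # the masquerade case: PTR claims a name it cannot back up
    return {
        "rdns": rdns,
        "ehlo_resolves_to_ip": ip in a_lookup(ehlo_name),
        "ehlo_matches_rdns": ehlo_name.lower().rstrip(".") in confirmed,
    }

if __name__ == "__main__":
    for client_ip in PTR_RECORDS:
        print(client_ip, check_client(client_ip, "mail.example.net"))
```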
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com