
Re: [spf-discuss] Question on a unified policy record approach

2005-09-07 11:43:14
On Tue, Sep 06, 2005 at 05:55:21PM +0200, Alex van den Bogaerdt wrote:
On Tue, Sep 06, 2005 at 04:08:58PM +0100, paddy wrote:
On Tue, Sep 06, 2005 at 03:36:42PM +0200, Alex van den Bogaerdt wrote:
On Tue, Sep 06, 2005 at 12:09:46PM +0100, paddy wrote:

granted, but it does not replace the check of a ptr which has potential
to curb forgery the other way around.

What are you trying to prove?  I think you are mixing up technologies.

Apologies if I came across a bit strong.  I've never really stopped to 

I am just asking a question: what is it that you are trying to prove. We
were talking about HELLO and SPF, you suddenly talk about ptr.

Alex, please accept my apologies. I just re-read the thread, and I realise
I have misunderstood and caused confusion at several turns.  Thanks for
taking the time to explain.

In particular, what you were saying that a certain kind of spf check 
obviates the need for even a hostname lookup, I get now, apologies for the 
confusion.

I'm still surprised by what I take to be your interpretation of 
"a primary hostname", but I wouldn't be all that surprised if you were right.

Sometimes you do not want a client to be able to connect to all
interfaces.  You just return one ip-address (and probably have
a different name per interface).

so, as you say, you use different names. 

I can see how this might cause practical difficulties if you have a 
multi-homed host that insists on using the primary hostname for 
multiple services, some of which you run on only some ports.
Throw in SSL certs for extra flavour.

I discounted this as breakage, rather than a good technical reason,
but I take your point about practicalities, and if you are a right
about the whole primary hostname thing then that probably settles it.

strongly suggests that there may be situations in which it is impossible
or undesirable to EHLO with a verifiable domainname (supporting a 
legacy doesn't seem like a likely reason), but I've yet to see an explanation
or example that I found compelling (but that may be just me being dense).

Look a couple of messages back.

This the primary hostname thing ?

Regards,
Paddy
-- 
Perl 6 will give you the big knob. -- Larry Wall
