On Sun, 18 Sep 2005, Frank Ellermann wrote:
I'm lost why you prefer to check x.example instead of
u.example.com - if you already had a FAIL for the HELO,
why do you check the MAIL FROM at all ?
This hack is for when there is no SPF record for either HELO
or MFROM. I would like to reject when HELO name doesn't resolve
to connect ip, but there are too many clueless, but otherwise
legitimate senders.
And if you had NONE for a HELO oemcomputer, what's the
idea of replacing @u.example.com by @oemcomputer ?
The point is that I want to recognize messages that *ought* to
be DSNs (MFROM <>), but the sender was too clueless/rude to
actually send a DSN.
Is this abuse of the RFCs going too far?
As long as you don't confuse your users with a bogus
Received-SPF:, or the sender with bogus error messages
"mail from postmaster(_at_)x(_dot_)example rejected" when it was
in fact mailer-daemon(_at_)u(_dot_)example(_dot_)com => receiver policy.
Good point. I'll have to test that that works correctly.
BTW, the above implies that postmaster(_at_)x(_dot_)example(_dot_)com *is*
equivalent to <> (on HELO of x.example.com). Is that the
case?
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com