On Mon, 21 Nov 2005, wrote:
Stuart D. Gathman wrote:
This would be after the vast majority have been rejected due to
obviously forged HELO. Is that still useful?
Rejecting on HELO is RFC-questionable.
When it says "HELO bmsi.com", and it ain't one of my bmsi.com servers,
I'm going to reject it. No matter what cockamany RFC ignorant
(must be a resolvable FQDN - I believe it must resolve to client, but
others disagree) HELO they came up with, they certainly aren't allowed
to use "bmsi.com". Ditto for any other domains I manage.
Furthermore, if the HELO domain has an SPF record and gets anything
other than PASS, I reject it. There is no reason to accept an SPF "neutral"
for HELO.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com