On Mon, 21 Nov 2005, Hector Santos wrote:
The top reason is how the MTA is setup. Many of the MTAs may use the peer
local machine host name for the connecting socket if the local machine host
name may not be configurable and when it is configurable, it could be get
the wrong domain when the setup was copied to another machine. So in a
multiple machine or outbound farm setup where one setup file is used, it was
very possible to get the wrong domain (or not preferred domain) for the
machine.
The easiest setup is the get the local machine host hame from current
client/server SOCKET connection. However, this requires that single IPs are
used with a perfect single 1 to 1 A/PTR record setup.
This is never a valid reason. A HELO check does not look at any PTR
records. (The sending domain typically doesn't even control PTR records
unless they have a class C or better). It only looks at the A record for the
claimed FQDN. One of the IP addresses listed for that A record should match
the client IP. This is easy to do even for a server farm or multi-address
server.
That said, I agree that there are too many legitimate (albeit email clueless)
senders to reject on this.
The other top reason is dynamic IP ISP users with legacy MUAs. The MUA will
use the netbios computer name for the machine. The problem is mostly how
the MUA lookups the local host for the current IP address.
Such a MUA should not be sending external mail directly. It needs to go
through a gateway.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com