spf-discuss

RE: [spf-discuss] Re: SPF adoption statistics

2005-11-22 08:51:20
And AOL takes this a step further, now PROHIBITING messages from servers
without RR records.  The fully qualified client name MUST resolve to a PTR
record for every e-mail message received . . .

Here's the text, exactly as written, off the AOL website at:
http://postmaster.info.aol.com/info/rdns.html

"Reverse DNS is a way of associating an IP address with its domain name.

The reverse DNS identifier is contained in the PTR portion of the IP Zone
File.

The IP Zone File contains all the different ways that your IP and domain
name can be associated; each association serves a different need.

AOL does require that all connecting Mail Transfer Agents have established
reverse DNS, regardless of whether it matches the domain. 

Reverse DNS must be in the form of a fully-qualified domain name reverse DNS
containing in-addr.arpa are not acceptable, as these are merely placeholders
for a valid PTR record. Reverse DNS consisting only of IP addresses are also
not acceptable, as they do not correctly establish the relationship between
domain and IP address."

See also: http://postmaster.info.aol.com/errors/421dnsnr.html 

We changed service providers for our high-speed services when we upgraded
our facilities recently and it took more than 2 weeks to resolve the AOL
problems because of the slow update of DNS records throughout the internet.

-----Original Message-----
From: Dick St.Peters [mailto:stpeters(_at_)NetHeaven(_dot_)com] 
Sent: Tuesday, November 22, 2005 09:32
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Re: SPF adoption statistics

Stuart D. Gathman writes:
When it says "HELO bmsi.com", and it ain't one of my bmsi.com servers, 
I'm going to reject it.  No matter what cockamamie RFC ignorant (must 
be a resolvable FQDN - I believe it must resolve to client, but others 
disagree) HELO they came up with, they certainly aren't allowed to use 
"bmsi.com".  Ditto for any other domains I manage.

You are 100% correct that the HELO name must resolve to the client.
Who are the others who disagree?

RFC2821 is very explicit in section 3.6:

   -  The domain name given in the EHLO command MUST BE either a primary
      host name (a domain name that resolves to an A RR) or, if the host
      has no name, an address literal as described in section 4.1.1.1.

I.e., the EHLO/HELO name "MUST BE" the (primary) *host* name (or an address
literal).  That a host name resolves to an A RR is so fundamental that it's
included as part of the definition of host name.

It's actually the address literal part of that paragraph that is its
purpose.  Section 3.6 begins by saying

    Only resolvable, fully-qualified, domain names (FQDNs) are
    permitted when domain names are used in SMTP.
    
It then goes on to allow only two exceptions, address literals in EHLO names
and "postmaster" recipients with no domain name at all.

As in most RFCs, "domain name" means "name within a domain", not "name of a
domain", which is made evident in section 2.3.5:

    The domain name, as described in this document and in [22], is the
    entire, fully-qualified name (often referred to as an "FQDN").

("[22]" is STD 13 - RFCs 1034/1035, the DNS standard.)

That makes this worth quoting again:

    Only resolvable, fully-qualified, domain names (FQDNs) are
    permitted when domain names are used in SMTP.

Any domain-based name used in SMTP must be (forward) resolvable.

A client EHLO/HELO name that's the name of a domain - especially any
well-known domain - is itself a high-probability spam indicator, unless the
domain is hotmail.com.  Hotmail uses the name of their domain as the EHLO
name, in violation of RFC2821 (and earlier RFCs).

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com 

-------
Sender Policy Framework: http://www.openspf.org/ Archives at
http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
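
The HELO and reverse-DNS rules quoted in this thread, applied to sample input. This is an added example, not code from either poster or from AOL; the function names, verdict strings and zone data are constructed for illustration. The "resolves to the client" reading is reported as a separate verdict, since the thread notes that not everyone agrees on it.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_fqdn(name):
    labels = name.rstrip(".").split(".")
    return (len(labels) >= 2 and not labels[-1].isdigit()
            and all(LABEL.fullmatch(label) for label in labels))

def check_helo(helo, client_ip, resolve_a):
    """Verdict for a HELO/EHLO argument; resolve_a(name) returns A-record strings."""
    if helo.startswith("[") and helo.endswith("]"):
        literal = helo[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            ipaddress.ip_address(literal)
        except ValueError:
            return "reject: malformed address literal"
        return "ok: address literal"
    if not is_fqdn(helo):
        return "reject: not a fully-qualified domain name"
    addresses = resolve_a(helo.rstrip(".").lower())
    if not addresses:
        return "reject: name does not resolve to an A RR"
    if client_ip not in addresses:
        return "flag: resolves, but not to the connecting client"
    return "ok: resolves to client"

def check_rdns(ptr):
    """Verdict for the client's PTR target under the quoted AOL policy (None = no PTR)."""
    if not ptr:
        return "reject: no reverse DNS"
    name = ptr.rstrip(".").lower()
    if "in-addr.arpa" in name:
        return "reject: in-addr.arpa placeholder"
    try:
        ipaddress.ip_address(name)
        return "reject: IP address only"
    except ValueError:
        pass
    return "ok" if is_fqdn(name) else "reject: not a fully-qualified domain name"

# Constructed zone data (documentation names and addresses), standing in for DNS.
ZONE = {"mail.example.com": ["192.0.2.10"], "example.org": ["192.0.2.80"]}

def lookup(name):
    return ZONE.get(name, [])
```

In a real mail server, `lookup` would be replaced by an actual DNS query and the PTR target would come from a reverse lookup of the connecting address.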
