spf-discuss

Re: [spf-discuss] Promoting NEUTRAL or SOFTFAIL result to FAIL

2006-02-25 15:14:20
Right,

I understand what you mean matching at least 2 levels to domains (TLD match
level equal 2 at least).

But I am specifically talking about where the client literally issues:

    HELO/EHLO domain.com
    MAIL FROM: user @ domain.com

and

    MFROM.DOMAIN == HELO.DOMAIN

It is a clear cut violation if SPF(MFROM) returns anything but a FAIL or
PASS because the client is stating it is inside the secured authorized
sending network.

As I said, it was an exploration, for the last 72 hours, and thus far there
were quite a few transactions where the SPF(MFROM) was NEUTRAL, some SOFTFAIL
and the HELO domain matches MFROM.

Make sense?  To me, that is a pretty clear cut. No ambiguity.

To answer Frank,

The point here was to avoid a HELO lookup if not necessary by doing some
domain helo/mfrom matching first.  I don't understand why SOFTFAIL could not
be considered in this logic Frank?  I don't understand your point here.

Comments?

---
Hector


----- Original Message -----
From: "Scott Kitterman" <spf2(_at_)kitterman(_dot_)com>

On 02/25/2006 14:14, Hector Santos wrote:

I have been exploring this rule in our SPF implementation with great
success:

  result = SPF(MFROM.DOMAIN)
  if result in [NEUTRAL, SOFTFAIL] then
     if HELO.DOMAIN = MFROM.DOMAIN then
        result = FAIL

In other words, if the MACHINE and the SENDER are the same domain, then
there is no reason for a NEUTRAL or SOFTFAIL in the SPF(MFROM.DOMAIN)
result.

Any comments about this?

Generally speaking I wouldn't expect this to come up since HELO.DOMAIN is
supposed to be machine specific.  This might work for domains (like Hotmail,
last time I checked) that incorrectly use the same HELO.DOMAIN for all their
servers.

More broadly, I think what you are after is not if HELO.DOMAIN = MFROM.DOMAIN,
but if HELO.DOMAIN is contained in MFROM.DOMAIN, e.g. HELO.DOMAIN =
relay.example.com and MFROM.DOMAIN = example.com.  That's a more complex
consideration, but one that's likely to be more commonly relevant.

I'd imagine that it's worth exploring and getting some statistics on.

Scott K
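
The rule from this thread as an added Python sketch (not code from the posts or from any SPF implementation); the function names and sample transactions are constructed, and the SPF(MFROM) result is assumed to come from an existing checker. It goes beyond the rule as posted by also covering the containment variant raised in the reply.

```python
NEUTRAL, SOFTFAIL, FAIL, PASS = "neutral", "softfail", "fail", "pass"

def norm(domain):
    """Lower-case and drop a trailing root dot so comparisons are exact."""
    return domain.strip().rstrip(".").lower()

def mfrom_domain(mail_from):
    """Domain part of a MAIL FROM path; '' for the null sender '<>'."""
    addr = mail_from.strip().strip("<>")
    _, at, domain = addr.rpartition("@")
    return norm(domain) if at else ""

def helo_matches(helo, mfrom, allow_subdomain=False):
    helo, mfrom = norm(helo), norm(mfrom)
    # Address literals ([192.0.2.1]) and empty values never match.
    if not helo or not mfrom or helo.startswith("["):
        return False
    if helo == mfrom:  # rule as posted: HELO.DOMAIN = MFROM.DOMAIN
        return True
    # Containment variant from the reply: relay.example.com in example.com.
    # Require a label boundary and at least two labels in MFROM so that
    # "notexample.com" or a bare TLD cannot match (assumption of this sketch).
    return allow_subdomain and "." in mfrom and helo.endswith("." + mfrom)

def promote(result, helo, mail_from, allow_subdomain=False):
    """Promote NEUTRAL/SOFTFAIL to FAIL when HELO claims the MFROM domain."""
    if result in (NEUTRAL, SOFTFAIL) and helo_matches(
            helo, mfrom_domain(mail_from), allow_subdomain):
        return FAIL
    return result

# Constructed sample transactions: (SPF(MFROM) result, HELO argument, MAIL FROM)
SAMPLES = [
    (NEUTRAL,  "domain.com",        "user@domain.com"),
    (SOFTFAIL, "Domain.COM.",       "<user@domain.com>"),
    (SOFTFAIL, "relay.example.com", "user@example.com"),
    (NEUTRAL,  "notexample.com",    "user@example.com"),
    (PASS,     "domain.com",        "user@domain.com"),
    (NEUTRAL,  "domain.com",        "<>"),
]

def run_samples(allow_subdomain=False):
    return [promote(r, h, m, allow_subdomain) for r, h, m in SAMPLES]

if __name__ == "__main__":
    print("exact match:", run_samples())
    print("containment:", run_samples(allow_subdomain=True))
```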

