On Wed, Jun 21, 2006 at 04:03:50PM -0400, Stuart D. Gathman wrote:
There is one instance where I block an SPF result of neutral, but not
none. That is when the HELO name has an SPF record:
if hres in ('deny','fail','neutral','softfail'):
self.log('REJECT: hello SPF: %s 550 %s' % (hres,htxt))
self.setreply('550','5.7.1',htxt,
"HELO name for this MTA not authorized by published SPF record."
)
return Milter.REJECT
My reasoning is that while there are many uses for a neutral
result in MFROM SPF records, there really is no excuse to use it
for HELO. Comments?
The host with name "example.com" sends mail for domain "example.com".
Various other hosts may also be sending mail for this domain.
The host uses its FQDN in HELO: example.com
They want "?all" (due to those various other hosts), you want them
to publish "-all". You are probably correct in more than 99.9% of
all cases. But you should think about this remaining 0.1% as well.
Yes, they can change their hostname. But this is not necessary for
any other reason than to satisfy your local(!) policy.
cheers
Alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com