spf-discuss

[spf-discuss] Re: NEUTRAL vs NONE for HELO

2006-06-22 01:59:57

Alex van den Bogaerdt wrote:
This is a slight disadvantage SPF has; HELO and MAIL FROM share the
same space.  This won't matter in many cases, but many is not all.

That would be resolved in SPFv2.1.

"... if the sender chooses to publish an SPF record for that hostname."

They don't.  They choose to publish an SPF record for that email domain.
It just happens to be the same as the host's name.

Let's assume the following case:

  example.com  SPF  "v=spf1 +mx ?mx:isp.example.net -all"

This is a realistic example for a MAIL FROM policy.  Now this policy gets 
applied to the HELO identity, too, due to the nature of v=spf1.  This only 
yields "Neutral" on a HELO check (and thus a problem in Stuart's case) if 
the isp.example.net MXes actually say "HELO example.com", which is pretty 
unlikely, and is actually not desirable from the example.com owner's POV, 
isn't it?

If HELO should always return {PASS, FAIL or NONE}, then this should be
in the spec. Currently it is OK to return NEUTRAL, people publishing
such a record rely on receivers to follow the spec.

Anyone can do anything with their mail.  I (we?) just want to avoid
seeing calls from people following the spec yet find their mail rejected
because someone (Stuart, or anyone else) uses an SPF record for
something it was not designed for.

The point is that this corner case is very unlikely to happen unexpectedly.  
While there may be legitimate reasons for 3rd party (isp.example.net) MTAs 
to say "MAIL FROM:<...@example.com>", there is really no need for them to 
say "HELO example.com", and I doubt that this happens a lot.  Perhaps 
Stuart can give us some statistics on how often he has rejected messages 
in such situations in the past?
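
The corner case discussed in this message, as an added example that is not part of the original post: a minimal Python evaluator that applies the example.com record above to both the HELO and the MAIL FROM identity. The IP addresses, MX host names and function names are constructed assumptions, and only the `mx` and `all` mechanisms are handled.

```python
# Constructed zone data (documentation address ranges); not from the original message.
SPF = {"example.com": "v=spf1 +mx ?mx:isp.example.net -all"}
MX = {"example.com": ["mail.example.com"],
      "isp.example.net": ["mx1.isp.example.net"]}
A = {"mail.example.com": ["192.0.2.10"],
     "mx1.isp.example.net": ["198.51.100.25"]}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain):
    """Evaluate the SPF record of `domain` for client `ip` (mx and all only)."""
    record = SPF.get(domain)
    if record is None or record.split()[0] != "v=spf1":
        return "none"              # no policy published for this name
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULTS[qualifier]
        if name != "mx":
            return "permerror"     # mechanism outside this sketch
        target = arg or domain     # bare "mx" means the MXes of the checked domain
        ips = [a for host in MX.get(target, []) for a in A.get(host, [])]
        if ip in ips:
            return RESULTS[qualifier]
    return "neutral"               # nothing matched and no "all" term

def check_session(ip, helo, mail_from):
    """Return (HELO result, MAIL FROM result); v=spf1 has one record per name."""
    return check_host(ip, helo), check_host(ip, mail_from.rpartition("@")[2])

if __name__ == "__main__":
    sessions = [  # (client IP, HELO name, MAIL FROM), all constructed
        ("192.0.2.10", "example.com", "user@example.com"),             # own MX
        ("198.51.100.25", "mx1.isp.example.net", "user@example.com"),  # ISP MX, own HELO
        ("198.51.100.25", "example.com", "user@example.com"),          # the corner case
        ("203.0.113.7", "example.com", "user@example.com"),            # unrelated host
    ]
    for ip, helo, mail_from in sessions:
        print(ip, helo, mail_from, check_session(ip, helo, mail_from))
```

Only the third session, where the ISP's MX announces itself as example.com, yields Neutral on the HELO check; with its own host name the HELO result is None and only MAIL FROM is Neutral.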
