On Thu, Jun 22, 2006 at 12:57:27PM -0400, Stuart D. Gathman wrote:
This example would *not* reject the connection in my system, because
an MFROM SPF record takes precendence over HELO SPF, and presumably
all the domains hosted by example.com (including, obviously, example.com)
have SPF records. I reject on HELO SPF neutral only when there is no MFROM
SPF. (Yes, I realize this treats MFROM SPF NONE/NEUTRAL slightly differently,
but favors publishing SPF.) Only if example.com sent MFROM domains with no
SPF
record would my system reject based on HELO neutral.
Either you didn't write this before or I did not read it carefully enough.
Indeed, I agree in my previous example you would not reject the message.
Try again Alex?
The same set of computers sends mail for a domain not publishing SPF.
Say "example.net" does not publish SPF. There may be various reasons
for this, but they are not important for this discussion IMHO.
HELO example.com
MAIL FROM:<someone(_at_)example(_dot_)net>
You would find no record for MAIL FROM, and you would see NEUTRAL
for HELO. According to what you wrote, you would reject this perfectly
legitimate email, correct?
As soon as "example.net" would publish "v=spf1 ?all", you would no longer
reject that same message.
Alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com