Please whack me if this is inappropriate or has already been beaten to death.
I've perused the archives a little, and do not see recent discussion
of these subjects.
Is consideration being given to using SPF as a check on the HELO name being
used by mailers? (conversations between MTAs)
As a mail admin, I am currently using greylisting and some simple
checks on the HELO names, and getting reasonably good success
combatting spam. It occurs to me that the information in an SPF record
can tell me with some confidence that a given IP sending me mail is
administered by the organization in the domain name, and is authorized
to send me mail. This gives me a good way to whitelist domain/IP pairs.
For instance, I can look up the SPF record for the HELO from the incoming
MTA, and do a reverse lookup on the IP. If the domain on the reverse
IP matches the domain in the HELO, and the IP matches the SPF, then I
can be pretty confident that the incoming MTA is authorized by the owners
of that domain to send me mail.
This does not prevent spammers from setting up valid domains with these
attributes, but would prevent spammers from using other organizaions
in their HELO names, and it would mean that any mail from that
connection could be AOK if it is FROM: that same domain.
Thoughts?
-dgl-
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735