
Re: [spf-discuss] Newcomer question - email admin perspective

2007-01-02 11:53:23
Of course, you're right.  The reverse DNS is unnecessary as the SPF
resolves to an IP.

The answer to my question, then, is yes.  Using SPF on the HELO
name to determine "legitimacy" is in the existing art.

Thanks,

-dgl-

On Tue, 2 Jan 2007, Don Lee wrote:

For instance, I can look up the SPF record for the HELO from the incoming
MTA, and do a reverse lookup on the IP.  If the domain on the reverse

If there is an SPF record for the HELO, you don't need to bother with reverse
IP.  An SPF pass says the IP is legit for that HELO.

In fact, even without an SPF record, if the HELO resolves to the connect IP,
you can be certain that the connect IP was authorized to use that HELO by the
DNS admin for the HELO domain.  Reverse DNS doesn't add anything.
In fact, good email admins may not be able to create rDNS records due to
no competent ISPs being available in their area.  But they can always
create a valid HELO record, or an SPF record.

If the HELO passes SPF, or matches the connect IP, you can whitelist or
attach reputation to just the HELO name, without the IP address.

I track reputation by one of the following in order of preference:

mfromdomain.com:SPF    - if SPF passes
mfromdomain.com:GUESS  - if SPF best_guess passes
helodomain.com:HELO    - if HELO SPF passes, or HELO matches connect IP
mfromdomain.com:1.2.3.4 - if rDNS is present and valid
      (I may change this to rdnsdomain:1.2.3.4 - the mailfrom keeps
      changing from spammer MTAs and zombies, so it doesn't get
      a chance to establish a reputation.)

If there is no valid rDNS, HELO, or SPF, then I reject the connection.
No sense dealing with strangers who won't even give their name.

-- 
            Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
   Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735
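The preference order Stuart lists (mailfrom SPF pass, then best guess, then a HELO that passes SPF or whose A record is the connect IP, then rDNS, otherwise reject) is easy to get subtly wrong, so here it is as a runnable sketch. This is an added example, not code from the thread or from pymilter/pyspf. The DNS zone is constructed in memory so it runs offline; the SPF evaluator is a toy that handles only ip4, a, mx and all; the best-guess record is assumed to follow pyspf's default guess policy minus its ptr mechanism; and "rDNS present and valid" is interpreted here as forward-confirmed rDNS, which the post does not define.

```python
import ipaddress

# Constructed zone data (not real DNS): (owner name, rrtype) -> list of rdata.
DNS = {
    ("example.com", "TXT"): ["v=spf1 ip4:192.0.2.0/24 -all"],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("example.net", "MX"): ["helo.example.net"],      # publishes no SPF record
    ("helo.example.net", "A"): ["198.51.100.7"],      # HELO name resolves to connect IP
    ("example.org", "TXT"): ["v=spf1 -all"],
}

# Assumed best-guess policy: pyspf's default guess record is "v=spf1 a/24 mx/24 ptr";
# the ptr mechanism is dropped because this toy evaluator does not implement it.
GUESS = "v=spf1 a/24 mx/24"

QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rrtype):
    return DNS.get((name.lower().rstrip("."), rrtype), [])


def spf_record(domain):
    """Return the v=spf1 TXT record for domain, or None if none is published."""
    for txt in lookup(domain, "TXT"):
        if txt.split()[0].lower() == "v=spf1":
            return txt
    return None


def ip_in(ip, addr, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{addr}/{cidr}", strict=False)


def check_spf(ip, domain, record=None):
    """Toy SPF check: ip4, a, mx, all with qualifiers and /cidr; no include,
    redirect, ptr, exists or macros.  Returns pass/fail/softfail/neutral/none."""
    record = record or spf_record(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUAL:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech, cidr = mech.lower(), 32
        if "/" in mech:                      # a/24, mx/24: cidr on the bare mechanism
            mech, cidr = mech.split("/", 1)
        elif "/" in arg:                     # ip4:192.0.2.0/24, a:host/24
            arg, cidr = arg.split("/", 1)
        target = arg or domain
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip_in(ip, arg, cidr)
        elif mech == "a":
            matched = any(ip_in(ip, a, cidr) for a in lookup(target, "A"))
        elif mech == "mx":
            matched = any(ip_in(ip, a, cidr)
                          for mx in lookup(target, "MX") for a in lookup(mx, "A"))
        else:
            continue                         # unsupported mechanism: skipped here
        if matched:
            return QUAL[qual]
    return "neutral"                         # RFC 7208: nothing matched


def helo_confirmed(ip, helo):
    """The post's second HELO test: the HELO name's A record is the connect IP."""
    return ip in lookup(helo, "A")


def rdns_valid(ip):
    """Assumed meaning of 'rDNS present and valid': some PTR name for the IP
    resolves back to that IP (forward-confirmed rDNS)."""
    ptr_owner = ipaddress.ip_address(ip).reverse_pointer
    return any(ip in lookup(name, "A") for name in lookup(ptr_owner, "PTR"))


def reputation_key(ip, helo, mailfrom):
    """Reputation key for the connection in the post's preference order, or
    None to reject.  mailfrom may be "" for the null sender (bounces)."""
    helo = helo.lower().rstrip(".")
    mfrom = mailfrom.rsplit("@", 1)[-1].lower() if mailfrom else ""
    if mfrom:
        if check_spf(ip, mfrom) == "pass":
            return f"{mfrom}:SPF"
        if spf_record(mfrom) is None and check_spf(ip, mfrom, GUESS) == "pass":
            return f"{mfrom}:GUESS"
    if check_spf(ip, helo) == "pass" or helo_confirmed(ip, helo):
        return f"{helo}:HELO"
    if mfrom and rdns_valid(ip):
        return f"{mfrom}:{ip}"
    return None                              # no name offered: reject the connection


if __name__ == "__main__":
    for args in [("192.0.2.25", "mail.example.com", "alice@example.com"),
                 ("198.51.100.7", "helo.example.net", "bob@example.net"),
                 ("198.51.100.7", "helo.example.net", ""),
                 ("192.0.2.25", "localhost.localdomain", "carol@example.org"),
                 ("203.0.113.9", "foo", "dave@nowhere.invalid")]:
        print(args, "->", reputation_key(*args))
```

The third case is the one the post is about: a bounce with a null sender and no SPF record anywhere still yields a usable HELO key because the HELO name forward-resolves to the connect IP, so reputation can attach to that name without consulting rDNS at all. Note that an SPF fail on the mailfrom is not acted on here; the post only describes the key order, and whatever the milter does on fail is separate.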
