[spf-discuss] Re: libspf2 sample programs

2007-01-04 17:29:15

Dan_Mitton(_at_)notes(_dot_)ymp(_dot_)gov wrote:
> So this would only catch emails where the spammer used a valid domain in
> the HELO/EHLO command and that domain has published SPF records, correct?
> Bogus domains would still "pass" the SPF testing because there would be
> nothing to look up, right?

No, there will never be an SPF "pass" if there is no SPF record.  And even 
if there is an SPF record and the HELO check "pass"es, that isn't a 
guarantee that the message will be accepted.

The way I have it configured on my mail server is to require that both the 
HELO and MAIL FROM SPF checks _not_ yield a "Fail", "SoftFail",
"PermError", or "TempError".  If either yields one of these SPF results, 
the message gets rejected (permanently, except for "TempError", which 
causes a temporary rejection AKA 4xx SMTP status code).

Of course, I do perform other checks, too.  I'm not performing any reverse 
DNS checks on the HELO, though.  My anti-spam setup currently isn't as 
sophisticated as I'd like it to be.  (I'm simply lacking the time to 
improve it right now.)


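The HELO plus MAIL FROM policy described in the message above, as an added example that is not part of the original post and does not call libspf2: it takes the two SPF result names and returns the SMTP action, showing that a missing record ("None") is neither a pass nor a rejection. The type and function names, the 451/550 reply codes, the handling of unrecognised result names, and the rule that a permanent rejection outranks a temporary one are assumptions.

```c
#include <stdio.h>
#include <strings.h>

/* SPF result names from the SPF specification; R_UNKNOWN is a local addition. */
typedef enum { R_NONE, R_NEUTRAL, R_PASS, R_FAIL, R_SOFTFAIL,
               R_TEMPERROR, R_PERMERROR, R_UNKNOWN } spf_result;

/* Ordered by severity so the stricter of two actions wins a comparison. */
typedef enum { ACT_CONTINUE = 0, ACT_TEMPFAIL = 1, ACT_REJECT = 2 } smtp_action;

static const char *const names[] = { "None", "Neutral", "Pass", "Fail",
                                     "SoftFail", "TempError", "PermError" };

/* Map a result name (case-insensitive) to the enum; anything else is R_UNKNOWN. */
spf_result parse_result(const char *s) {
    for (int i = 0; s && i < 7; i++)
        if (strcasecmp(s, names[i]) == 0) return (spf_result)i;
    return R_UNKNOWN;
}

static smtp_action classify(spf_result r) {
    switch (r) {
    case R_FAIL: case R_SOFTFAIL: case R_PERMERROR:
        return ACT_REJECT;             /* permanent rejection */
    case R_TEMPERROR: case R_UNKNOWN:  /* R_UNKNOWN as a tempfail is an assumption */
        return ACT_TEMPFAIL;
    default:
        return ACT_CONTINUE;           /* None, Neutral, Pass: go on to other checks */
    }
}

/* Both identities must clear the policy. Assumption: permanent outranks temporary. */
smtp_action spf_policy(const char *helo, const char *mailfrom) {
    smtp_action a = classify(parse_result(helo)), b = classify(parse_result(mailfrom));
    return a > b ? a : b;
}

/* Assumed reply codes (the message says only "4xx"); 0 means no SPF-based reply. */
int smtp_code(smtp_action a) { return a == ACT_REJECT ? 550 : a == ACT_TEMPFAIL ? 451 : 0; }

int main(void) {
    /* Constructed (HELO result, MAIL FROM result) pairs. */
    const char *cases[][2] = { {"None", "Pass"}, {"Pass", "SoftFail"},
                               {"TempError", "Pass"}, {"TempError", "Fail"}, {"None", "None"} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("HELO=%-9s MAILFROM=%-9s -> %d\n", cases[i][0], cases[i][1],
               smtp_code(spf_policy(cases[i][0], cases[i][1])));
    return 0;
}
```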