On Thu, 4 Jan 2007, Don Lee wrote:
> A HELO is supposed to be a FQDN, and therefore must have at least one "dot".
> SPF doesn't have to check that for us. We can do that ourselves. ;->
Do EHLO SPF check after other checks if you can configure it for that.
> Same goes for HELO of "-978387423678", which I see thousands of every week.
> Any HELO that can't resolve a fwd DNS should be considered to fail.
Modify that any HELO coming outside of your internal networks range
(otherwise you'll create problems for those pure users which Redmond
supplied with not quite properly functioning MUAs). Unfortunately some
MTAs have problems with specifying ordering of various blocking rules...
> I use "no-dot" on my mail server and it's the best anti-spam filter
> I have. Almost never a false positive.
It's not really an anti-spam filter, it's an anti-stupidity filter. There is
a large number of stupid spammers but there are also those who are really
creative and good at finding holes in how email systems can be exploited.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
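
The checks discussed in this thread, in the order described (internal clients exempt, then no-dot, then forward DNS, with the SPF HELO check left for last), as an added example that is not code from either poster. The function names, the internal ranges, the address-literal handling and every sample value except "-978387423678" are assumptions.

```python
import ipaddress
import re
import socket

# Assumed internal ranges; replace with your own networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def resolves(name):
    """Forward lookup: True if the name has at least one address record."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except (socket.gaierror, UnicodeError):
        return False


def check_helo(helo, client_ip, resolver=resolves, internal=INTERNAL_NETS):
    """Return (action, reason); action is 'accept', 'reject' or 'continue'."""
    ip = ipaddress.ip_address(client_ip)
    # Internal clients (MUAs that send a bare host name) skip the HELO checks.
    if any(ip in net for net in internal):
        return ("accept", "internal client")
    # An address literal such as [192.0.2.1] is not a name; leave it to later checks.
    if helo.startswith("[") and helo.endswith("]"):
        return ("continue", "address literal")
    name = helo.rstrip(".")
    if "." not in name:
        return ("reject", "HELO has no dot")
    if not all(LABEL.fullmatch(label) for label in name.split(".")):
        return ("reject", "HELO is not a valid host name")
    if not resolver(name):
        return ("reject", "HELO has no forward DNS")
    # Cheap checks passed; the SPF HELO check would run after this point.
    return ("continue", "run SPF HELO check")


if __name__ == "__main__":
    # Constructed samples; the stub resolver keeps the demo offline.
    known = {"mail.example.org"}
    for helo, ip in [("-978387423678", "203.0.113.5"), ("laptop", "192.168.1.20"),
                     ("mail.example.org", "203.0.113.5"), ("ghost.example.net", "203.0.113.5")]:
        print(helo, ip, check_helo(helo, ip, resolver=known.__contains__))
```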