spf-discuss

Re: [spf-discuss] Re: libspf2 sample programs

2007-01-04 20:20:11
On Thu, 4 Jan 2007, Don Lee wrote:

Any HELO that can't resolve a fwd DNS should be considered to fail.

Agree totally, but ...

I use "no-dot" on my mail server and it's the best anti-spam filter
I have.  Almost never a false positive.

Unfortunately, too many of my clients' customers can't configure a mail
server (or hire someone to do so) to save their life.  They are
angry and hostile if I try to explain that "JUPITER" is not actually
a syntactically valid HELO.  If only more big ISPs would start
rejecting on invalid HELO instead of missing rDNS.  It is because
big ISPs accept invalid HELO that such people expect it to work.

Yes, there are lots of "localhost" MTAs out there, and lots of
people who are unable to fix them.

This is where the incentive part comes into play.  MTA admins and
domain owners need a good reason to adopt a technique, and/or clean up
their configs.  Something that has upside, and little or no downside
will get adopted.  Conversely, everyone else adopting a technique
that leaves you out in the cold will also provide incentive.

The good news (at least in my opinion) is that DNS checking of the
HELO (simply to see that it resolves) and rDNS (to see if it exists)
is becoming increasingly common.
At some point in the near future, these misconfigured servers will no longer
be able to get their mail reliably delivered.  That will provide
a firm push.

It is important that any rejection provide an indication of why
the rejection happened, so that a competent admin can correct the problem.

-dgl-
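
Added example, not part of the original message or of libspf2: a sketch of the HELO policy discussed in this thread (reject a name with no dot, reject a name that does not resolve, and say why in the SMTP reply). The function names, the reply wording and the choice of status codes are assumptions made for illustration; the resolver is injectable so the policy can be exercised offline.

```python
import re
import socket

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def system_resolver(name):
    """True if the name has an address record, False if it does not,
    None if the lookup failed temporarily (caller should defer)."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror as exc:
        return None if exc.errno == socket.EAI_AGAIN else False


def check_helo(arg, resolves=system_resolver):
    """Return (smtp_code, text) for a HELO/EHLO argument.

    Every rejection names the reason so a competent admin can fix it.
    """
    # Bracketed address literals are legal HELO arguments; this sketch
    # accepts them without validating the address inside.
    if arg.startswith("[") and arg.endswith("]"):
        return 250, "ok (address literal)"
    name = arg.rstrip(".")
    labels = name.split(".")
    if len(labels) < 2:
        return 550, f"5.7.1 HELO '{arg}' rejected: not a fully qualified host name (no dot)"
    if len(name) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        return 550, f"5.7.1 HELO '{arg}' rejected: not a syntactically valid host name"
    found = resolves(name)
    if found is None:
        # A DNS outage must not turn into a permanent bounce.
        return 451, f"4.4.3 HELO '{arg}' deferred: temporary DNS failure, try again later"
    if not found:
        return 550, f"5.7.1 HELO '{arg}' rejected: name does not resolve in DNS"
    return 250, "ok"


if __name__ == "__main__":
    # Constructed lookup table standing in for DNS.
    table = {"mail.example.org": True, "gone.example.org": False}
    for helo in ("JUPITER", "localhost", "mail.example.org", "gone.example.org"):
        print(helo, "->", *check_helo(helo, table.get))
```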
