spf-discuss

[spf-discuss] Re: SPF basics commentary

2007-01-28 07:05:14

Seth Goodman wrote:
> Don Lee wrote on Saturday, January 27, 2007 11:05 AM -0600:
> > HELO checking is a good example.  I think there is consensus that
> > this is safe and effective, and can be deployed immediately
> > everywhere without pain.
>
> That's not exactly true.  There are still a large number of MTA's with
> improperly configured HELO names.  What is safe is to reject for the
> HELO name being _your_ domain.  If the HELO name is not yours, you are
> asking for trouble if you reject on that alone.  In combination with
> other tests, checking HELO may help you to generate SPF pass where you
> otherwise wouldn't, and that's probably where it's most useful at
> present.

Not true.  An invalid HELO name will lead to SPF=None, so SPF wouldn't 
cause a rejection anyway.  If SPF(HELO)=Fail/SoftFail, then the HELO name 
couldn't have been "improperly configured".  Ergo, HELO checking is safe.

> > Chasing corner cases and forwarding issues detracts from this goal.
>
> Unfortunately with anything as complicated as email, one person's corner
> case is another's bread and butter.

Same old game: freedom vs security.

> I wish we could ignore forwarding, but everybody recognized it was a
> serious problem for SPF from the get-go and not much has changed since.

While most of the SPF community may have recognized alias-forwarding 
breakage as a serious problem of SPF _in_the_beginning_, I see an increasing 
number of SPF proponents starting to consider it an inherent consequence 
of SPF, and not something that can (or should) somehow be mitigated.
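
Added example, not part of the original message and not code from any SPF implementation: a receiver-side HELO policy that combines the two checks discussed in this exchange, rejecting a HELO that claims the receiver's own domain and evaluating SPF against the HELO identity. The SPF evaluator is a reduced subset (ip4 and all only); the record table, domain names, networks and the choice to accept on softfail are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed SPF records standing in for DNS TXT lookups (assumption).
SPF_TXT = {
    "mail.example.org": "v=spf1 ip4:192.0.2.10 -all",
    "relay.example.net": "v=spf1 ip4:198.51.100.0/24 ~all",
}
LOCAL_DOMAINS = {"example.com"}                         # hypothetical receiver domain
LOCAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # hypothetical own hosts

# Multi-label domain name; bare words and IP literals do not match.
FQDN = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_helo(helo, client_ip):
    """Evaluate the reduced SPF subset for the HELO identity."""
    if not FQDN.match(helo):
        return "none"          # malformed HELO: there is no policy to apply
    record = SPF_TXT.get(helo.lower())
    if record is None:
        return "none"          # the domain publishes no SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qual]
    return "neutral"           # record present, nothing matched


def helo_decision(helo, client_ip):
    """Return (action, reason) for one SMTP client greeting."""
    ip = ipaddress.ip_address(client_ip)
    name = helo.lower().rstrip(".")
    ours = any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS)
    if ours and not any(ip in net for net in LOCAL_NETS):
        return "reject", "HELO claims our own domain"
    result = spf_helo(name, client_ip)
    if result == "fail":       # only reachable when the domain published a policy
        return "reject", "SPF(HELO)=fail"
    return "accept", "SPF(HELO)=" + result
```

A misconfigured greeting such as "localhost" or a name without an SPF record ends in none and is accepted, so only a domain that published "-all" can trigger the SPF rejection.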

