"Scott" == Scott Kitterman
"Re: How does one distinguish between authorizing MAIL FROM and HELO"
Sun, 28 Jan 2007 10:48:27 -0500
Scott> On Sunday 28 January 2007 09:05, John A. Martin wrote:
>> Given that the only authorized MAIL FROM will be
>> local(_at_)example(_dot_)com and that the only authorized HELO will be
>> host1.example.com how is it recommended to signify that using
>> SPF while also indicating using SPF that MAIL
>> FROM:<local(_at_)host1(_dot_)example(_dot_)com> is NOT authorized and
>> that 'HELO example.com' is NOT authorized? The only pertinent RRs for
>> these domains are as follows:
>>
>> example.com. MX 10 host1.example.com.
>> (no A RR for example.com)
>> host1.example.com. MX 10 host1.example.com.
>> host1.example.com. A 192.168.0.1
>> 1.0.168.192.in-addr.arpa. PTR host1.example.com.
Scott> SPF as defined by RFC4408 does not distinguish between
Scott> those, but if you control host1.example.com you control
Scott> what it uses for HELO and what it allows for Mail From, so
Scott> in reality I think this isn't an issue. People have
Scott> theorized problems from this limitation, but AFAIK in real
Scott> life it doesn't come up.
Well, I reject a lot of incoming messages with MAIL
FROM:<whatnot(_at_)host1(_dot_)example(_dot_)com> or 'HELO example.com' before
applying SPF and after SPF header checks see a boatload of messages with HELO
example.com in the trace of the message and more than just a few in
body checks that are designed to find these in mail headers enclosed
in message bodies. I consider all of those caught by restrictions
after SPF to be backscatter. I use:
example.com. TXT "v=spf1 ip4:192.168.0.1 -all"
host1.example.com. TXT "v=spf1 ip4:192.168.0.1 -all"
which will not alone reject messages spoofing either of those HELO
identities. Judging from the backscatter, that spoofing does happen
regularly.
Scott> If you care to discuss this further, I'd suggest
Scott> spf-discuss and spf-help is intended for helping with SPF
Scott> as it is and not designing improvements to it.
Right, but first I wanted to see that I was not missing something.
jam
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
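An added example, not part of the original message and not code from any SPF implementation: a small evaluator covering only the `ip4` and `all` mechanisms, run over the two TXT records quoted in the thread. It shows why those records cannot say "this name is valid for HELO only" or "for MAIL FROM only": the check takes an IP and a domain, never the identity type. The function names and the sample sessions are constructed for illustration.

```python
import ipaddress

# TXT records exactly as published in the message above.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.168.0.1 -all",
    "host1.example.com": "v=spf1 ip4:192.168.0.1 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain):
    """Evaluate the ip4 and all mechanisms only (a subset of RFC 4408).

    Note the arguments: nothing tells the record which SMTP identity
    (HELO or MAIL FROM) the domain was taken from.
    """
    record = SPF_RECORDS.get(domain.lower().rstrip("."))
    if record is None:
        return "none"
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    client = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4":
            if client in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism outside this sketch's subset
    return "neutral"

def evaluate_session(ip, helo, mail_from):
    """Return results for both identities, as a receiver checking both would."""
    sender_domain = mail_from.rsplit("@", 1)[-1]
    return {"helo": check_host(ip, helo), "mfrom": check_host(ip, sender_domain)}

if __name__ == "__main__":
    # Constructed sessions: the intended identity pair, the two unwanted
    # identities from the authorized host, and a HELO from an unrelated address.
    for s in [("192.168.0.1", "host1.example.com", "local@example.com"),
              ("192.168.0.1", "example.com", "local@host1.example.com"),
              ("203.0.113.9", "example.com", "someone@elsewhere.invalid")]:
        print(s, evaluate_session(*s))
```

The third session returns `fail` for the HELO identity only because this sketch evaluates it; a receiver that checks MAIL FROM alone never consults the `example.com` record for that session.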