spf-discuss

RE: [spf-discuss] SPF basics commentary

2007-01-28 17:58:52
HELO checking is a good example.  I think there is consensus that
this is safe and effective, and can be deployed immediately
everywhere without pain.

That's not exactly true.  There are still a large number of MTAs with
improperly configured HELO names.  What is safe is to reject for the
HELO name being _your_ domain.  If the HELO name is not yours, you are
asking for trouble if you reject on that alone.  In combination with
other tests, checking HELO may help you to generate SPF pass where you
otherwise wouldn't, and that's probably where it's most useful at
present.

FWIW - I am involved with a community of e-mail admins that use HELO
name checking as an anti-spam technique.  It is not a
cure-all, but it is pretty effective.

The vast majority of MTAs with "bogus" HELO are spam-bots.  "friend",
"-97823423497" and "DM" are examples of common ones.  MTAs that check this
(like we do) can safely reject their spam.  HELO names that do not
resolve sensibly are easy to check and block.

The vast majority of "legit" MTAs with misconfigured HELO are "localhost"
or "localhost.localdomain", which is apparently an artifact of MS
defaults.

There is a large and growing number of mailservers "out there" that
try to resolve the HELO name, and some do rDNS on the IP and
ensure that it matches the HELO.

My point is that misconfigured MTAs that spit out bogus HELO are
going to have lots of problems with lots of servers beyond any SPF
checking that I might do.  I therefore do not consider this a
showstopper in my shop to deploying SPF to do HELO checking.

In short, those legit mailservers that do not put out a proper
FQDN HELO have lots of really good reasons to fix this.  It should
not stop anyone from deploying SPF to do HELO checking.

IMHO, of course. ;->

-dgl-
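
The HELO checks discussed in this thread, as an added example (not code from any poster or from an SPF implementation). It returns a category rather than an accept/reject decision, since the posters differ on which cases are safe to reject. `OUR_DOMAINS`, `OUR_NETS`, the category names and the `FORWARD`/`REVERSE` tables (a constructed stand-in for DNS so it runs offline) are assumptions.

```python
import ipaddress
import re

# Assumptions for this example: the receiving site's own domains and networks.
OUR_DOMAINS = {"example.org"}
OUR_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed stand-in for DNS A and PTR lookups so the example runs offline.
FORWARD = {"mail.example.net": {"198.51.100.7"}, "mx.example.com": {"203.0.113.9"}}
REVERSE = {"198.51.100.7": "mail.example.net", "203.0.113.9": "other.example.com"}

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    """Syntactic check: at least two valid labels and a non-numeric last label."""
    labels = name.rstrip(".").split(".")
    return (len(labels) >= 2 and all(_LABEL.match(l) for l in labels)
            and not labels[-1].isdigit())

def classify_helo(helo, client_ip, forward=FORWARD, reverse=REVERSE):
    """Return a category for the HELO name; the operator maps categories to actions."""
    name = helo.strip().rstrip(".").lower()
    ip = ipaddress.ip_address(client_ip)
    ours = any(name == d or name.endswith("." + d) for d in OUR_DOMAINS)
    if ours and not any(ip in net for net in OUR_NETS):
        return "claims-our-domain"       # the case the thread calls safe to reject
    if name in ("localhost", "localhost.localdomain"):
        return "localhost-default"       # misconfigured but often legitimate
    if not is_fqdn(name):
        return "not-fqdn"                # e.g. "friend", "DM", "-97823423497"
    if client_ip not in forward.get(name, set()):
        return "unresolved-or-mismatch"  # HELO name does not resolve to the client
    if reverse.get(client_ip, "").lower() != name:
        return "rdns-mismatch"           # stricter check some receivers apply
    return "consistent"
```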
