
RE: [spf-discuss] SPF basics commentary

2007-01-29 09:50:28

On Mon, 29 Jan 2007, Dick St.Peters wrote:

Stuart D. Gathman writes:
On Sun, 28 Jan 2007, Don Lee wrote:

There is a large and growing number of mailservers "out there" that
try to resolve the HELO name, and some do rDNS on the IP and
ensure that it matches the HELO.

There is no need to do the rDNS if the HELO name resolves to the IP.  It
is a (minor) waste of bandwidth and is unfair to those of us with
broken ISP monopolies.  I suppose I am a broken record on the topic.

All PTR records provide is a name - that you have to verify by checking
that it resolves to the IP.  Well, guess what, a HELO name is a ... name ...
that you can verify by checking that it resolves to the IP - clearly
establishing that the domain owner designated that IP.  So why
did you bother fetching the PTR records again?

John Q Spammer owns johnsspamdomain.com, so the name-->IP resolution
is under his control.  He connects to my mail server with IP a.b.c.d
and gives HELO name "mail.johnsspamdomain.com".  I check what that
resolves to and find it resolves to a.b.c.d.  Then I check what
a.b.c.d reverse resolves to and get port6.box4.dialup.isp.pl.  Guess
what I use the PTR for.

That reminds me - some time ago in MARID days I proposed that there
be SPF record checks against PTR name so that ISPs would specify if
an IP with the specified address can or cannot be used as an SMTP client,
i.e. it's very similar to HELO but basically a new scope (PTR) for
reverse DNS names.

The point here is not whether the reverse name agrees with the HELO
name, it's whether the reverse name provides information the HELO name
and forward resolution don't or are even trying to hide.

Exactly. Don't be afraid of having the ISP provide some email policy
data about the IP address you're using - it's their IP space after all...

This happens a lot and provides plenty of reason to check rDNS when
the HELO name resolves to the IP.

The converse is true as well.  If the HELO name is, say, EXCHANGE,
which doesn't conform to RFCs and doesn't resolve to anything, but the
PTR is xyz.static.biz.rr.com, I'm probably going to accept the mail,
albeit reluctantly.

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com
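
The two checks discussed in this thread, HELO forward resolution and forward-confirmed reverse DNS, run side by side on the thread's own two cases plus an unconfirmed PTR. This is an added example, not code from any poster: the lookup tables are constructed, 192.0.2.10 stands in for "a.b.c.d", and the dynamic-label list and function names are assumptions for illustration.

```python
import re

# Constructed lookup tables standing in for live DNS (documentation address ranges).
FORWARD = {  # name -> A records
    "mail.johnsspamdomain.com": {"192.0.2.10"},   # 192.0.2.10 plays "a.b.c.d"
    "port6.box4.dialup.isp.pl": {"192.0.2.10"},
    "xyz.static.biz.rr.com": {"198.51.100.7"},
    "mail.example.org": {"203.0.113.99"},
}
REVERSE = {  # IP -> PTR names
    "192.0.2.10": ["port6.box4.dialup.isp.pl"],
    "198.51.100.7": ["xyz.static.biz.rr.com"],
    "203.0.113.5": ["mail.example.org"],          # PTR that does not resolve back
}

# Assumption for illustration: labels that hint at dynamic or end-user address space.
DYNAMIC_LABELS = {"dialup", "dial", "dyn", "dynamic", "dhcp", "ppp", "pool"}


def looks_dynamic(name):
    """True if any label, with trailing digits stripped, is a dynamic-space hint."""
    labels = re.split(r"[.\-]", name.lower())
    return any(label.rstrip("0123456789") in DYNAMIC_LABELS for label in labels)


def check_client(ip, helo, forward=FORWARD, reverse=REVERSE):
    """Report what the HELO name and the PTR names each say about a client IP."""
    helo_name = helo.lower().rstrip(".")
    # HELO check: the name must be an FQDN whose A records include the client IP.
    helo_verified = "." in helo_name and ip in forward.get(helo_name, set())
    # A PTR is only a name; keep it only if it forward-resolves back to the IP.
    ptr_confirmed = [n.lower().rstrip(".") for n in reverse.get(ip, [])
                     if ip in forward.get(n.lower().rstrip("."), set())]
    return {
        "helo_verified": helo_verified,
        "ptr_confirmed": ptr_confirmed,
        "helo_matches_ptr": helo_name in ptr_confirmed,
        "ptr_looks_dynamic": any(looks_dynamic(n) for n in ptr_confirmed),
    }


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.johnsspamdomain.com"),
                     ("198.51.100.7", "EXCHANGE"),
                     ("203.0.113.5", "mail.example.org")]:
        print(ip, helo, check_client(ip, helo))
```

In the first case the HELO name verifies, yet only the confirmed PTR shows that the address sits in dial-up space; in the second the HELO fails while the PTR still identifies a static business host.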
