On Mon, 29 Jan 2007, David MacQuigg wrote:
There might be a way to do this in SPF without "zone cuts" or "tree
walking". Of course, it would have been nice if SMTP had an option to
provide an Identity (domain name) separate from the hostname, maybe with a
syntax like HELO hostname@domain, but this will never happen. It might be
possible with an SPF record, however, to have an option like op=helo, and
have that mean - you can use this record to authenticate any HELO name
*ending* in the domain name of the SPF record.
  rr.com IN TXT "v=spf1 ptr -all"

  Connect from foo.bar.rr.com:
    HELO rr.com    ; passes HELO SPF
  Connect from baz.bat.rr.com:
    HELO rr.com    ; passes HELO SPF

You are right, that goes against the spirit (but not the letter) of RFC2821.
I really have not had any problems using validated HELO names (either
via SPF or via matching the connect IP) for reputation. Even a large
ISP has only a few dozen outgoing SMTP servers, and they accumulate reputation
on even a single server quite nicely.
To recap, I am currently choosing the id to assign reputation to as follows:
  if SPF is PASS
    domain:SPF
  elif bestguess is PASS
    domain:GUESS
  elif HELO is PASS or matches IP or bestguess
    domain:HELO
  elif SPF is NEUTRAL
    domain:NEUTRAL
  elif SPF is SOFTFAIL
    domain:SOFTFAIL
  elif valid rDNS (IP owner authorizes):
    1.2.3.4:IP
  else
    reject - no id

I used to have to manually set SPF policy to reject on neutral for AOL,
for instance. But now, with pygossip, it is all automatic. If a
lot of spam comes in as aol.com:NEUTRAL, then after about 20 messages
the system starts rejecting on neutral for aol.com. A lot of spam
comes in with ebay.com:SOFTFAIL? After two dozen spams, reject on
softfail for ebay.com is automatic. A very maintenance-free system.
Spam training occurs via honeypots. Ham training occurs via auto-whitelisting.
All users have to do is look at their quarantine occasionally. There are
very few messages in quarantine any more thanks to pygossip reputation.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
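
The id selection recapped in the message above, as an added Python example
that is not part of the original post and is not pygossip code. Session,
reputation_id and SpamCounter are hypothetical names, the check results are
assumed to be computed elsewhere, and the fixed spam-count threshold is a
simplification standing in for a real reputation score.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Session:
    ip: str                   # connecting IP
    helo: str                 # HELO name offered by the client
    mail_domain: str          # domain of MAIL FROM
    spf: str = "none"         # SPF result for MAIL FROM
    guess: str = "none"       # "best guess" result when no SPF record exists
    helo_valid: bool = False  # HELO passed SPF, matched the IP, or passed best guess
    rdns_valid: bool = False  # reverse DNS for the IP validated

def reputation_id(s):
    """Return the id reputation is tracked under, or None (reject, no id)."""
    if s.spf == "pass":
        return f"{s.mail_domain}:SPF"
    if s.guess == "pass":
        return f"{s.mail_domain}:GUESS"
    if s.helo_valid:  # assumption: the HELO name is the domain part of this id
        return f"{s.helo}:HELO"
    if s.spf == "neutral":
        return f"{s.mail_domain}:NEUTRAL"
    if s.spf == "softfail":
        return f"{s.mail_domain}:SOFTFAIL"
    if s.rdns_valid:
        return f"{s.ip}:IP"
    return None

class SpamCounter:
    """Simplified stand-in for a reputation service: counts spam per id."""
    def __init__(self, threshold=20):
        self.threshold, self.spam = threshold, Counter()

    def report_spam(self, rid):
        self.spam[rid] += 1

    def verdict(self, s):
        rid = reputation_id(s)
        if rid is None or self.spam[rid] >= self.threshold:
            return "reject"
        return "accept"

if __name__ == "__main__":
    # Constructed sample: forged aol.com (neutral) vs. authenticated aol.com.
    forged = Session("192.0.2.10", "pc.example.net", "aol.com", spf="neutral")
    real = Session("198.51.100.5", "mx.example.org", "aol.com", spf="pass")
    rep = SpamCounter()
    for _ in range(20):
        rep.report_spam(reputation_id(forged))
    print(rep.verdict(forged), rep.verdict(real))
```

Because the SPF result is part of the id, spam reported against
aol.com:NEUTRAL never counts against mail tracked as aol.com:SPF.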