spf-discuss
[Top] [All Lists]

Re: [spf-discuss] RFC 4408 Bug - Makes no sense to require Mail From check if HELO check FAILs

2007-02-05 14:31:59
On Monday 05 February 2007 16:22, Stuart D. Gathman wrote:
On Mon, 5 Feb 2007, Scott Kitterman wrote:
There is no benifit to checking MAIL FROM after a HELO fail if the
receiver policy is to reject on HELO FAIL.  I think that last sentence
would have been much better if it said:

I disagree. This is a receiver policy.  It is perfectly possible that
HELO fails and MAIL FROM passes.  MAIL FROM should get priority in that
case.  For instance, the HELO domain may have a screwed up SQL, recently
have changed IPs.  Or the MAIL FROM policy can say "+ptr:bigisp.com", and
bigisp.com uses "bigisp.com" as HELO on every MTA used for customers,
despite only authorizing MTAs used for company mail.  (I.e. they
forgot SPF is checked for HELO.)

OK.  I can see that perhaps being an appropriate receiver policy.

If the receiver policy is to reject on HELO FAIL, then doing the MAIL FROM 
check makes no sense, but RFC 4408 requires it.  It should only be required 
if it might affect a decision.

Scott K

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735