
[spf-discuss] Re: RFC 4408 Bug - Makes no sense to require Mail From check if HELO check FAILs

2007-02-05 17:06:38

Stuart D. Gathman wrote:
> On Mon, 5 Feb 2007, Scott Kitterman wrote:
> > There is no benefit to checking MAIL FROM after a HELO fail if the
> > receiver policy is to reject on HELO FAIL.  I think that last sentence
> > would have been much better if it said:
>
> I disagree. This is a receiver policy.

I concur with Stuart, disagreeing with Scott.  Mandating receiver policy is 
prone to stirring up a hornet's nest.  Even if receivers were to honor it, 
it's incredibly difficult to get it about right for _everyone_.

In (very long) hindsight, I think that even strictly mandating the MAIL 
FROM check was an error.  Receivers may have legitimate reasons for 
checking only the HELO.

| -At least the "MAIL FROM" identity MUST be checked, but it is
| -RECOMMENDED that the "HELO" identity also be checked beforehand.
| +Both the "HELO" and "MAIL FROM" identities SHOULD be checked.
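
Review bot: The replacement line drops the ordering that the removed text gave with "beforehand" and does not say which result governs when the two identities disagree, so a receiver that rejects on a HELO fail still cannot tell from this wording whether the MAIL FROM check may be skipped. Consider adding a sentence that the order of the checks and the handling of conflicting results are left to receiver policy, and note explicitly that "MAIL FROM" moves from MUST to SHOULD, since that changes what existing implementations are required to do.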

> It is perfectly possible that HELO fails and MAIL FROM passes.  MAIL FROM
> should get priority in that case.

Maybe, maybe not.  It's a matter of perspective.

Scott Kitterman wrote:
> If the receiver policy is to reject on HELO FAIL, then doing the MAIL
> FROM check makes no sense, but RFC 4408 requires it.

Right.  That was probably a mistake made back in 2003.
