From: Edmig [mailto:emgemgemg(_at_)gmail(_dot_)com]
Sent: zaterdag 5 januari 2008 16:38
Subject: Re: [spf-discuss] Re: Revising SOFTFAIL
On Sat, Jan 05, 2008 at 08:37:55AM -0700, Edmig wrote:
If the HELO name ends in the domain of the return address, assume no
forwarding, and reject on SPF fail. If not, assume forwarding, and
don't use SPF.
Let's don't and say we did; in fact, let's not even say we did. :)
For example, my mail server uses a single HELO name, but I relay mail for
a dozen or so MFROM domains, neither of which ought to be treated as
forwards. Treating those instances as forwarding would patently break SPF.
There is *no* simple rule which says that a sending host's name
has to match the sender's email address.
Nor is there a simple, reliable rule to determine whether a message is
But it does have to correlate with the IP address used by the sending
host. Which raises the question again - why not just use the HELO
name to authenticate an incoming IP address?
Authenticate for what, exactly? That relay X is authorized to use HELO
name Y? That would just tell you relay X is not hopelessly broken (and
that HELO name Y could be used to check against reputation services). But
it doesn't help you one bit in determining whether relay X is authorized
to send domain Z in MFROM.
Sender Policy Framework: http://www.openspf.org
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription:
Powered by Listbox: http://www.listbox.com