
RE: [spf-discuss] Re: Revising SOFTFAIL

2008-01-05 10:47:57
From: Edmig [mailto:emgemgemg(_at_)gmail(_dot_)com] 
Sent: Saturday 5 January 2008 16:38
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: Revising SOFTFAIL


On Sat, Jan 05, 2008 at 08:37:55AM -0700, Edmig wrote:

If the HELO name ends in the domain of the return address, assume no forwarding, and reject on SPF fail. If not, assume forwarding, and don't use SPF.


Let's don't and say we did; in fact, let's not even say we did. :)


For example, my mail server uses a single HELO name, but I relay mail for a dozen or so MFROM domains, none of which ought to be treated as forwards. Treating those instances as forwarding would patently break SPF.


Alex wrote:


There is *no* simple rule which says that a sending host's name has to match the sender's email address.


Nor is there a simple, reliable rule to determine whether a message is being forwarded.


Edmig wrote:


But it does have to correlate with the IP address used by the sending host. Which raises the question again - why not just use the HELO name to authenticate an incoming IP address?


Authenticate for what, exactly? That relay X is authorized to use HELO name Y? That would just tell you relay X is not hopelessly broken (and that HELO name Y could be used to check against reputation services). But it doesn't help you one bit in determining whether relay X is authorized to send domain Z in MFROM.


- Mark

Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
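
Added example, not part of the original message or of any SPF implementation: a Python example that evaluates the HELO and MFROM identities separately and compares the result with the HELO-suffix rule proposed in the thread. The domains, addresses and the simplified policy table are constructed for illustration; real SPF evaluation needs DNS lookups and the full record syntax.

```python
import ipaddress

# Constructed sample policies: each domain maps to the networks its SPF record
# authorizes (a stand-in for DNS TXT lookups and full SPF evaluation).
SPF = {
    "mail.hoster.example": ["192.0.2.10/32"],    # HELO name of a shared relay
    "hoster.example": ["192.0.2.10/32"],
    "customer-a.example": ["192.0.2.10/32"],     # hosted domain, same relay
    "relay.other.example": ["203.0.113.5/32"],   # unrelated host, valid HELO
    "third-party.example": ["198.51.100.0/24"],  # does not list 203.0.113.5
}

def spf_check(domain, ip):
    """Return 'pass', 'fail' or 'none' for one identity (HELO or MFROM)."""
    nets = SPF.get(domain.lower().rstrip("."))
    if nets is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    return "pass" if any(addr in ipaddress.ip_network(n) for n in nets) else "fail"

def helo_heuristic(helo, mfrom_domain, ip):
    """The rule proposed in the thread: apply SPF only when HELO ends in the MFROM domain."""
    h, d = helo.lower().rstrip("."), mfrom_domain.lower().rstrip(".")
    if h == d or h.endswith("." + d):
        return "reject" if spf_check(d, ip) == "fail" else "accept"
    return "spf-skipped"  # assumed to be forwarding

def evaluate(helo, mfrom_domain, ip):
    """Check both identities independently and show what the heuristic decides."""
    return {
        "helo": spf_check(helo, ip),
        "mfrom": spf_check(mfrom_domain, ip),
        "heuristic": helo_heuristic(helo, mfrom_domain, ip),
    }

if __name__ == "__main__":
    cases = [
        ("mail.hoster.example", "hoster.example", "192.0.2.10"),
        ("mail.hoster.example", "customer-a.example", "192.0.2.10"),
        ("relay.other.example", "third-party.example", "203.0.113.5"),
    ]
    for helo, mfrom, ip in cases:
        print(helo, mfrom, ip, evaluate(helo, mfrom, ip))
```

The second and third cases both pass the HELO check, yet only the independent MFROM check separates the hosted domain from the unauthorized one; the heuristic skips SPF for both.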