At 07:58 PM 10/20/2008 -0400, Stuart D. Gathman wrote:
Here is my current message for anonymous senders. Yours sounds better.
550-5.7.1 You must have a valid HELO or publish SPF: http://www.openspf.org
550-5.7.1 Contact your mail administrator IMMEDIATELY! Your mail server is
550-5.7.1 severely misconfigured. It has no PTR record (dynamic PTR records
550-5.7.1 that contain your IP don't count), an invalid or dynamic HELO,
550 5.7.1 and no SPF record.
Some senders only see the first line. I want to put a URL
in the first line with a web page to explain the problem fully.
That should work if they see it often enough. The only improvement I can think
of is to have the URL go directly to a page with explicit instructions on fixing
the problem, rather than the SPF homepage. I'm trying to imagine the message
author reading this, wondering what is HELO SPF, and hearing from his admin
some lame excuse that the problem is elsewhere. The instructions need to be
clear enough that the author will demand a better explanation from his admin.
How about something like this:
'''
You have been referred to this page because one of our Border Patrol mail
receivers rejected a request from your transmitter at %(IP)s to send mail under
a name %(DN)s that does not authorize sending mail from this address.
The Border Patrol MTA will not accept mail from unauthorized transmitters.
Please fix your DNS records. Your mail server must pass at least one of our
"3-strikes" tests:
a) PTR check. The IP address of the transmitter must have a PTR record, AND
the name from that record should have an A record with an address matching the
transmitter's IP, AND the name in your HELO command must exactly match the name
in the PTR record.
- OR -
b) The name in your HELO command must have an A or an MX record validating the
transmitter's IP.
- OR -
c) The name in your HELO command must have an email authentication record
authorizing the transmitter's IP. Currently, we look for SPF, SenderID, or CSV
records.
Note: These requirements are much less strict than full RFC compliance. See
dnsreport.com for a complete test of your DNS standards compliance.
See DNShelp for more information.
See Quick Fix for very brief instructions on setting up your transmitter.
'''
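
The "3-strikes" tests in the draft page above can be sketched as follows. This is an added example, not code from the original message or from any mail filter mentioned in it. The `ZONE` table is constructed sample data standing in for a DNS resolver, the function names are hypothetical, test (b) is read as "A record, or MX host whose A record matches the IP", and test (c) is narrowed to the `ip4:` mechanism of an SPF record published at the HELO name.

```python
import ipaddress

# Constructed DNS data (documentation names and addresses), not real records.
ZONE = {
    ("PTR", "192.0.2.10"): ["mail.example.com"],
    ("A", "mail.example.com"): ["192.0.2.10"],
    ("MX", "example.net"): ["mx.example.net"],
    ("A", "mx.example.net"): ["198.51.100.7"],
    ("TXT", "out.example.org"): ["v=spf1 ip4:203.0.113.0/24 -all"],
}

def lookup(rtype, name):
    """Hypothetical resolver stub: return the record values, or an empty list."""
    return ZONE.get((rtype, name.rstrip(".").lower()), [])

def ptr_check(ip, helo):
    # (a) PTR exists, the PTR name resolves back to the IP, and HELO equals it.
    helo = helo.rstrip(".").lower()
    return any(ip in lookup("A", name) and name.rstrip(".").lower() == helo
               for name in lookup("PTR", ip))

def helo_check(ip, helo):
    # (b) The HELO name has an A record, or an MX host, matching the IP.
    if ip in lookup("A", helo):
        return True
    return any(ip in lookup("A", mx) for mx in lookup("MX", helo))

def auth_check(ip, helo):
    # (c) Simplified: only unqualified ip4: terms of an SPF record at the HELO
    # name are evaluated. A full SPF evaluation needs a complete implementation.
    addr = ipaddress.ip_address(ip)
    for txt in lookup("TXT", helo):
        terms = txt.split()
        if not terms or terms[0].lower() != "v=spf1":
            continue
        for term in terms[1:]:
            if term.lower().startswith("ip4:") and \
                    addr in ipaddress.ip_network(term[4:], strict=False):
                return True
    return False

def three_strikes(ip, helo):
    """Return the names of the tests passed; an empty list means reject."""
    tests = (("ptr", ptr_check), ("helo", helo_check), ("auth", auth_check))
    return [name for name, check in tests if check(ip, helo)]
```

An empty result corresponds to the rejection in the draft text: the transmitter failed all three tests.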