spf-discuss

Re: [spf-discuss] SPF on HELO

2009-01-05 17:36:36
On Mon, 5 Jan 2009, Don Lee wrote:

> Where do we stand with SPF usage on HELO/EHLO?
>
> The establishment of "capital" out there in the net in the
> form of the thousands of domains that publish SPF records
> may or may not be used to check MAIL FROM: but can most
> certainly be used to check HELO/EHLO.  Yet, I am still
> getting static when I bring this up in other forums.
> ("SPF breaks forwarding... blah blah")
>
> Using SPF on HELO/EHLO is a straightforward and effective way
> to prevent forgery of MTA identity, and though not directly
> effective in suppressing SPAM, it's a vital pre-requisite to
> reputation scoring of MTAs.
>
> Is there evidence of progress on this front?

I have always rejected any message whose HELO has an SPF record and
fails to get PASS.  Rejecting on HELO SPF fail is a no-brainer.
The controversy is whether receivers should reject for HELO SPF
neutral/softfail.  My reasoning is that there is absolutely no excuse
for a real MTA to get anything other than PASS on HELO SPF - other
than a totally incompetent admin, whose mail I don't want anyway.
Others may disagree.

For client mail that I admin, I reject on HELO SPF neutral (and 
on "three strikes" - no available PTR/HELO/SPF identity) when
"strong" spam rejection is requested.  Incredibly, there are a handful of their
customers who publish SPF and can't even get their own MTAs right.
(And many more who forgot to tell their users about the new requirement
to relay through the central MTA published in their policy.)
I have an exception database for these bozos (who, being customers,
are nevertheless "right").

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
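
The receiver policy described in the message above, written out as an added Python sketch; it is not code from the post or from its author. The function name, its parameters, the treatment of softfail, and the exact reading of "three strikes" are assumptions, and the sessions are constructed samples.

```python
# Added example: the HELO SPF receiver policy described in the message.
# Function and parameter names are hypothetical; results are SPF result strings.

def helo_policy(helo, helo_spf, ptr_validated, mailfrom_spf,
                strong=False, exceptions=frozenset()):
    """Return (action, reason) for one SMTP session.

    helo_spf / mailfrom_spf: SPF result for that identity ("none" = no record).
    ptr_validated: True if the client IP has a forward-confirmed PTR name.
    strong: "strong" spam rejection was requested for this recipient.
    exceptions: HELO names exempted by hand (the exception database).
    """
    name = helo.lower().rstrip(".")
    if name in exceptions:
        return "accept", "exception database"
    if helo_spf == "fail":
        return "reject", "HELO SPF fail"
    # Assumption: softfail is treated like neutral, both only in strong mode.
    if helo_spf in ("neutral", "softfail") and strong:
        return "reject", "HELO SPF " + helo_spf
    # Assumed reading of "three strikes": no validated PTR, no HELO SPF pass,
    # and no MAIL FROM SPF pass, so no identity is available to hold to account.
    strikes = [not ptr_validated, helo_spf != "pass", mailfrom_spf != "pass"]
    if strong and all(strikes):
        return "reject", "three strikes"
    return "accept", "no HELO policy violation"


# Constructed sessions: (helo, helo_spf, ptr_validated, mailfrom_spf, strong)
SAMPLES = [
    ("mx1.example.net", "pass", True, "pass", True),
    ("mail.example.org", "fail", True, "pass", False),
    ("relay.example.com", "neutral", True, "none", False),
    ("relay.example.com", "neutral", True, "none", True),
    ("dsl-host.example", "none", False, "none", True),
    ("Mail.Customer.Example.", "fail", True, "pass", True),
]
EXCEPTIONS = frozenset({"mail.customer.example"})

if __name__ == "__main__":
    for helo, hres, ptr, mres, strong in SAMPLES:
        print(helo, helo_policy(helo, hres, ptr, mres, strong, EXCEPTIONS))
```

SPF results other than the ones named in the message (for example temperror or permerror) fall through to accept here and are left to other checks.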

