spf-discuss

Re: [spf-discuss] SPF on HELO

2009-01-05 18:10:32
On Mon, 5 Jan 2009, Don Lee wrote:

Where do we stand with SPF usage on HELO/EHLO?

The establishment of "capital" out there in the net in the
form of the thousands of domains that publish SPF records
may or may not be used to check MAIL FROM: but can most
certainly be used to check HELO/EHLO.  Yet, I am still
getting static when I bring this up in other forums.
("SPF breaks forwarding... blah blah")

Using SPF on HELO/EHLO is a straightforward and effective way
to prevent forgery of MTA identity, and though not directly
effective in suppressing SPAM, it's a vital pre-requisite to
reputation scoring of MTAs.

Is there evidence of progress on this front?

I have always rejected any message whose HELO has an SPF record and
fails to get PASS.  Rejecting on HELO SPF fail is a no-brainer.
The controversy is whether receivers should reject for HELO SPF
neutral/softfail.  My reasoning is that there is absolutely no excuse
for a real MTA to get anything other than PASS on HELO SPF - other
than a totally incompetent admin, whose mail I don't want anyway.
Others may disagree.

For client mail that I admin, I reject on HELO SPF neutral (and 
on "three strikes" - no available PTR/HELO/SPF identity) when
"strong" spam rejection is requested.  Incredibly, there are a handful of their
customers who publish SPF and can't even get their own MTAs right.
(And many more who forgot to tell their users about the new requirement
to relay through the central MTA published in their policy.)
I have an exception database for these bozos (who, being customers,
are nevertheless "right").

-- 
            Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>

This is exactly what I would hope to hear, but I am hoping to hear it
from more admins. ;->

The sense I get in other forums is that SPF "can't be used" because it
"breaks forwarding".  The heavy lifting that needs to be done is to
"get the word out" that what you are doing is safe and effective.

Are there any efforts/activities afoot that will "get the word out"?

-dgl-
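
The HELO policy discussed in this thread, as an added example that is not part of the original messages or of any poster's software. DNS is replaced by a constructed table of SPF records, only the `ip4`, `ip6` and `all` mechanisms are evaluated, and "three strikes" is reduced to "no PTR and no HELO SPF record", which is an assumption; the function and parameter names are hypothetical.

```python
import ipaddress

# Constructed sample SPF TXT records keyed by HELO name (stand-in for DNS).
SAMPLE_TXT = {
    "mail.example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "mx.example.net": "v=spf1 ip4:198.51.100.25 ?all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def helo_spf_result(helo, client_ip, txt=SAMPLE_TXT):
    """SPF result for the HELO identity; ip4/ip6/all mechanisms only."""
    record = txt.get(helo.lower().rstrip("."))
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qual]
        if name.lower() not in ("ip4", "ip6"):
            raise NotImplementedError(f"mechanism needs DNS: {term}")
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"          # malformed network in the record
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qual]
    return "neutral"                    # no mechanism matched

def helo_policy(helo, client_ip, has_ptr=True, strong=False, exceptions=()):
    """Return (action, spf_result) for one SMTP connection."""
    name = helo.lower().rstrip(".")
    result = helo_spf_result(name, client_ip)
    if name in exceptions:              # exception database for known-broken senders
        return "accept", result
    if result == "fail":                # always reject a HELO SPF fail
        return "reject", result
    if strong and result not in ("pass", "none"):
        return "reject", result         # record published, but no PASS
    if strong and result == "none" and not has_ptr:
        return "reject", result         # simplified "three strikes" (assumption)
    return "accept", result
```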

