On Wed, 7 Jan 2009, Don Lee wrote:
The question here is not a technical one, but a marketing one.
...
SPF can be used to vet HELO/EHLO between MTAs. This is non-controversial,
and effective to prevent some kinds of spoofing. Checking SPF on
HELO/EHLO enables reputation checking of MTAs. This is all
goodness. No downside. No FUD.
I want to have this conversation - stand-alone. I want to . I want this
convince certain admins and authors to implement SPF checking on HELO/EHLO.
Without crystal clear guidance from SPF "authorities",
that's proven difficult.
As an (expired) SPF council member, HELO SPF is a no brainer. That is why it
doesn't get discussed much. :-)
On that topic, when SPF is not available, I consider a HELO name
with an A/AAAA record that matches the connecting IP as good as an
SPF pass for reputation purposes. SPF just lets the MTA admin be
more flexible with IP assignment for their MTAs.
Furthermore, no user education (to use SMTP AUTH for instance) is required
to get the full benefits of HELO SPF. Only admin education.
As you say, all goodness, no gotchas.
[resisting urge to throw in another point about the much more interesting
topic of MAIL FROM SPF and "forwarding" ...]
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com