SPF HELO checks add to this and are an easy win that do not have any of
(from my view small, but still real) downsides of rejecting mail based on
SPF Fail for Mail From.
CSV and David's _auth mechanisms do that check with much less effort and more
reliability than SPF --those mechanisms provide for denying an IP to send mail
for a given domain. Besides possible misconfiguration, there should be no
downside in blocking prohibited senders.
Can you explain? What is "CSV and David's _auth"?
Note that FCrDNS is much weaker than SPF, because it allows the IP range
owner to "authorize" IPs for MTA activity. For example, comcast.net
has large ranges of IPs that have FCrDNS, but are used by cable
modem users. FCrDNS tells us that the DNS is up to date. SPF can tell
us if comcast.net authorized a mailserver to run on that IP.
-dgl-
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com