Alessandro Vesely wrote:
Scott Kitterman wrote:
On Thu, 08 Jan 2009 13:46:54 +0100 Alessandro Vesely <vesely(_at_)tana(_dot_)it>
wrote:
Perhaps SPF on HELO would have been more effective if servers checked
the name resulting from rDNS.
SPF only does what it does and isn't a panacea.
Yup, it blocks senders, not hosts. Possibly, someone on this list
recalls how come RFC 4408 recommends checking the HELO identity as well...
Hi,
I was one of the early proponents to push HELO SPF checking with a
strong PASS and FAIL consideration.
The key reason is that it is a easy check and since the client machine
domain must be used per 2821 and per 4408, there is none of the
"indirect forwarding issue" with it that can come about with the
requirement to use a persistent return path along a SMTP route (or
transition point before final destination).
I wrote the following analysis back in 2004 to illustrate HELO/MAIL
FROM checking, where the hard TRUE or FALSE conditions and
expectations and where/when there are indeterminate points.
http://www.winserver.com/public/antispam/lmap/draft-lmapanalysis1.htm
--
HLS
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com