On Thursday 08 January 2009 13:25, Don Lee wrote:
SPF HELO checks add to this and are an easy win that do not have any of
(from my view small, but still real) downsides of rejecting mail based
on SPF Fail for Mail From.
CSV and David's _auth mechanisms do that check with much less effort and
more reliability than SPF -- those mechanisms provide for denying an IP to
send mail for a given domain. Besides possible misconfiguration, there
should be no downside in blocking prohibited senders.
Can you explain? What is "CSV and David's _auth"?
Note that FCrDNS is much weaker than SPF, because it allows the IP range
owner to "authorize" IPs for MTA activity. For example, comcast.net
has large ranges of IPs that have FCrDNS, but are used by cable
modem users. FCrDNS tells us that the DNS is up to date. SPF can tell
us if comcast.net authorized a mailserver to run on that IP.
http://mipassoc.org/csv/index.html is the CSV in question. It has zero
deployment and the author has given up on getting any. CSV may have been
a 'better' solution for HELO, but since it never got off top dead center it's
a theoretical point at most.
David's on the list, so I'll let him speak for himself.
Scott K
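
The FCrDNS versus SPF HELO distinction discussed in this thread, as an added example that is not part of the original messages: the DNS records, host names and addresses are constructed (documentation ranges and `.example` names), and `spf_helo` evaluates only the `ip4`, `a` and `all` mechanisms, not full SPF.

```python
import ipaddress

# Constructed DNS data: one ISP mail server and one cable-modem customer IP.
PTR = {"192.0.2.10": ["mx1.isp.example"],
       "198.51.100.23": ["c-198-51-100-23.dyn.isp.example"]}
A = {"mx1.isp.example": ["192.0.2.10"],
     "c-198-51-100-23.dyn.isp.example": ["198.51.100.23"]}
TXT = {"mx1.isp.example": "v=spf1 a -all",
       "isp.example": "v=spf1 ip4:192.0.2.0/28 -all"}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def fcrdns(ip):
    """True if some PTR name for ip resolves forward to the same ip."""
    return any(ip in A.get(name, []) for name in PTR.get(ip, []))

def spf_helo(ip, helo):
    """Check the HELO name's SPF record against ip (ip4/a/all subset only)."""
    helo = helo.lower()
    terms = TXT.get(helo, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # the domain published no policy for this name
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            hit = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech == "a":
            hit = ip in A.get(helo, [])
        elif mech == "all":
            hit = True
        else:
            return "permerror"  # mechanism outside this subset
        if hit:
            return RESULTS[qualifier]
    return "neutral"

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mx1.isp.example"),
                     ("198.51.100.23", "mx1.isp.example"),
                     ("198.51.100.23", "isp.example"),
                     ("198.51.100.23", "c-198-51-100-23.dyn.isp.example")]:
        print(ip, helo, "FCrDNS:", fcrdns(ip), "SPF HELO:", spf_helo(ip, helo))
```

Both addresses pass FCrDNS because the range owner keeps forward and reverse DNS consistent; only the SPF HELO check separates the published mail server from the customer address, and it returns `none` when the HELO name has no record at all.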