Scott K wrote:
This is consistent with my general experience, fewer people publish records
for HELO than Mail From, but it's not "almost zero".
My bottom line is that I agree HELO checking and SPF could use more attention
and evangelism, but it's a lot cost, low risk easy win. Even if it doesn't
help a lot, it doesn't hurt a bit, so just do it.
I agree. I want to ensure that there are no holes in the logic and
then push the evangelism.
Are there any cases where the SPF records that were "intended" for MAIL FROM
would be misleading or otherwise harmful if used for HELO? My conclusion
is that there are no problems here. All SPF records published should be
usable to safely vet MTA connections as outlined in this thread.
I can not think of any cases where an SPF record intended to allow
a MAIL FROM domain of XXX would exclude XXX in HELO checking.
(The only case I can think of is where the admin depends on softfail, and
deliberately uses an MTA that is not in the explicit IP list.
That would be a really dumb thing to do, but......)
If this is correct, it would be good to add a few words in the "marketing
literature" to say so.
-dgl-
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com