On Friday 09 January 2009 13:01, Don Lee wrote:
Scott K wrote:
This is consistent with my general experience, fewer people publish
records for HELO than Mail From, but it's not "almost zero".
My bottom line is that I agree HELO checking and SPF could use more
attention and evangelism, but it's a lot cost, low risk easy win. Even
if it doesn't help a lot, it doesn't hurt a bit, so just do it.
I agree. I want to ensure that there are no holes in the logic and
then push the evangelism.
Are there any cases where the SPF records that were "intended" for MAIL
FROM would be misleading or otherwise harmful if used for HELO? My
conclusion is that there are no problems here. All SPF records published
should be usable to safely vet MTA connections as outlined in this thread.
I can not think of any cases where an SPF record intended to allow
a MAIL FROM domain of XXX would exclude XXX in HELO checking.
AFAIK, no. There are people that will argue layer violations, but I'm
completely unaware of any real situations where it would be problematic.
(The only case I can think of is where the admin depends on softfail, and
deliberately uses an MTA that is not in the explicit IP list.
That would be a really dumb thing to do, but......)
If this is correct, it would be good to add a few words in the "marketing
literature" to say so.
I believe it's correct.
I'm all in favor of better marketing literature, but lack the time to write
it. Patches gratefully accepted.
If you (or anyone) has suggestions on how better to describe this on the
openspf.org web site, please send text.
Scott K
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com