David MacQuigg wrote:
> At 12:01 PM 1/9/2009 -0600, Don Lee wrote:
>> Are there any cases where the SPF records that were "intended" for MAIL FROM
>> would be misleading or otherwise harmful if used for HELO? My conclusion
>> is that there are no problems here. All SPF records published should be
>> usable to safely vet MTA connections as outlined in this thread.
>
> The problem is, if we reject at HELO, based on an SPF record for MAIL FROM, we
> are re-interpreting the SPF record in a way that the domain owner may not have
> intended. Even if there is no intention that there be a discrepancy, it can
> occur because HELO checking using SPF records is so rare.

One reason may be that hostmasters often forget to set that TXT
record. Many MTAs use the server's FQDN, e.g. mailout.example.com, as
a helo name. That requires a TXT record for mailout.example.com: the
TXT record for example.com won't be used for the HELO check in this
case. OTOH, if "example.com" has no A record, it is not advisable to
use that as a helo name (is it?)

From a marketing logic POV, IMHO, it may make sense to hold that an
additional TXT record for the machine name is required in case that
server ever sends out a bounce with null MAIL FROM. That's not the
only reason, though.
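
The lookup behaviour discussed in this message, as an added example that is not part of the original post: which domain an SPF checker queries for the HELO and MAIL FROM identities, and what it finds when only the parent domain publishes a record. The zone contents are constructed and the function names are hypothetical; the null MAIL FROM handling follows RFC 4408 section 2.2.

```python
# Constructed zone data: only the organizational domain publishes SPF.
TXT = {
    "example.com": ["v=spf1 mx -all"],
    "mailout.example.com": [],  # hostmaster forgot the host-level record
}

def spf_record(domain, txt=TXT):
    """Return the v=spf1 record published at exactly `domain`, or None.

    SPF does not walk up to the parent domain: a record at example.com
    says nothing about mailout.example.com.
    """
    name = domain.lower().rstrip(".")
    recs = [r for r in txt.get(name, [])
            if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if len(recs) > 1:
        raise ValueError("permerror: multiple SPF records at " + name)
    return recs[0] if recs else None

def identities(helo, mail_from):
    """Map each SPF identity to the domain that gets queried for it."""
    helo = helo.lower().rstrip(".")
    if mail_from in ("", "<>"):
        # Null reverse-path (a bounce): the MAIL FROM identity becomes
        # postmaster@<HELO name>, so the HELO host's own record is used.
        mfrom = helo
    else:
        mfrom = mail_from.strip("<>").rsplit("@", 1)[-1].lower()
    return {"helo": helo, "mailfrom": mfrom}

def audit(helo, mail_from, txt=TXT):
    """Return {identity: (queried_domain, record_or_None)} for one session."""
    return {ident: (dom, spf_record(dom, txt))
            for ident, dom in identities(helo, mail_from).items()}

if __name__ == "__main__":
    for sender in ("user@example.com", "<>"):
        print(sender, audit("mailout.example.com", sender))
```
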