At 10:15 AM 1/12/2009 -0500, Stuart D. Gathman wrote:
On Sun, 11 Jan 2009, David MacQuigg wrote:
Generally, the HELO domain is different from the MAIL FROM domain, so there
is no conflict.
example.com TXT "v=spf1 mx -all"
mx1.example.com TXT "v=spf1 a -all"
mx2.example.com TXT "v=spf1 a -all"
We need a way to use *one record* for both the MAIL FROM and HELO checks.
Very few domains publish SPF records for each and every HELO name. I don't
believe "evangelism" will ever change that.
That is trivial too. You can pick any name you wish for HELO, including
a domain the same as MAIL FROM.
I would expect some resistance to this from the IETF. RFC-5321 (see below)
seems to say that the name has to be specific to one client machine. I have
also heard some discussion (I can't recall where), in which a large ESP was
criticized for putting only its domain name in the HELO command.
Even if we got all transmitters to change their HELO names, we would still have
a problem with re-interpretation of the SPF record. Can we ignore ?all and
REJECT connections without the domain owner's explicit permission?
-- Dave
http://tools.ietf.org/html/rfc5321#page-32
4.1.1.1. Extended HELLO (EHLO) or HELLO (HELO)
These commands are used to identify the SMTP client to the SMTP
server. The argument clause contains the fully-qualified domain name
of the SMTP client, if one is available. In situations in which the
SMTP client system does not have a meaningful domain name (e.g., when
its address is dynamically allocated and no reverse mapping record is
available), the client SHOULD send an address literal (see
Section 4.1.3).
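
Added example, not part of the original message: a minimal evaluator for the `a`, `mx` and `all` mechanisms, run over the three TXT records quoted above, showing that the HELO and MAIL FROM identities are each checked against their own domain's record. The IP addresses, the MX/A data and the host mx3.example.com are constructed for illustration.

```python
# Constructed in-memory zone: the TXT records from the message, plus
# hypothetical MX/A data using documentation address ranges.
ZONE = {
    "TXT": {
        "example.com": "v=spf1 mx -all",
        "mx1.example.com": "v=spf1 a -all",
        "mx2.example.com": "v=spf1 a -all",
    },
    "MX": {"example.com": ["mx1.example.com", "mx2.example.com"]},
    "A": {
        "mx1.example.com": ["192.0.2.1"],
        "mx2.example.com": ["192.0.2.2"],
        "mx3.example.com": ["192.0.2.3"],  # hypothetical sender with no SPF record
    },
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain):
    """Evaluate the SPF subset used above: a, mx and all, with qualifiers."""
    domain = domain.lower()
    terms = ZONE["TXT"].get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # no record published for this name
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = ip in ZONE["A"].get(domain, [])
        elif mech == "mx":
            hosts = ZONE["MX"].get(domain, [])
            matched = any(ip in ZONE["A"].get(h, []) for h in hosts)
        else:
            return "permerror"  # mechanism outside this sketch
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term

def check_identities(ip, helo, mail_from):
    """Check each identity against the record of its own domain."""
    return {"helo": check_host(ip, helo),
            "mailfrom": check_host(ip, mail_from.rpartition("@")[2])}
```

A HELO name without its own TXT record yields "none" for the HELO identity even when the MAIL FROM domain publishes `-all`, while a HELO of example.com is evaluated against the same record as MAIL FROM.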