
Re: [spf-discuss] Feature request for SPFv3

2009-07-11 11:09:02
(resent from subscribed address)

----- Original Message ----- From: "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Friday, July 10, 2009 10:52 PM
Subject: [spf-discuss] Feature request for SPFv3


In my "best-guess" algorithm, a validated HELO (that resolves to the connect ip)
is added to the collection of validated PTR records for the PTR mechanism.

I propose to make this a MUST behaviour for spfv3.

It seems a newline is needed here. Your next line talks about HELO which
cannot be validated.

Many small businesses
on DSL or Cable internet find it difficult to get their ISP to maintain
PTR records.  The HELO name in an SMTP connection serves the same purpose
as a PTR record, and is already available.  PTR lookups are a waste
of bandwidth (for authentication purposes) when HELO is available and
valid.

Here you mean DNS PTR lookups, not the SPF ptr mechanism, right?

While SPF macros can select the rightmost parts of HELO,

Why would one do this?

and it is possible for SPF to verify that HELO matches the connect ip
(somewhat kludgily),

Am I missing something? You seem to be describing the following:

If the MTA is hostname.example.com with ip 10.1.2.3, and DNS does not know
"3.2.1.10.in-addr.arpa PTR hostname.example.com" but there is
"hostname.example.com A 10.1.2.3", then "v=spf1 a -all" is all that's
needed.

I haven't hit on a way to check that the rightmost parts
of HELO match the MAILFROM domain using spfv1.

The ptr mechanism, which should be abandoned IMHO, does this. But indeed
that needs a properly set up DNS. It seems that you propose something like
"heloptr" which would use the HELO parameter instead of what is found in the
in-addr.arpa part of the DNS tree. Those who are unable or unwilling to
set up DNS correctly won't understand that "heloptr" would also match
dyn-10-1-2-3.customer.example.com. This may or may not be harmful, but is
probably not what was intended.

A literal compare operation added to spfv3 could serve the same purpose,
but I don't have any concrete syntax proposals.
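As an added illustration of the "heloptr" idea discussed in this thread (this is not code from the thread, from pyspf, or from any SPF implementation), the model below validates a HELO name against the connecting IP and then applies ptr-style subdomain matching against the MAIL FROM domain. The forward-DNS table is constructed for the example, so it runs offline; it reproduces both the hostname.example.com case and the dyn-10-1-2-3.customer.example.com case that the reply warns would also match.

```python
# Constructed forward-DNS table standing in for real A-record lookups.
# Names and addresses are example values, not real hosts.
FAKE_DNS_A = {
    "hostname.example.com": {"10.1.2.3"},
    "dyn-10-1-2-3.customer.example.com": {"10.1.2.3"},
    "mail.other.example": {"192.0.2.10"},
}


def helo_validated(helo, connect_ip, resolve=FAKE_DNS_A.get):
    """A HELO name counts as validated (in the best-guess sense quoted above)
    only when its forward lookup contains the connecting IP."""
    addrs = resolve(helo.lower().rstrip(".")) or set()
    return connect_ip in addrs


def ptr_mechanism_match(names, domain):
    """SPF ptr-style comparison: a validated name matches when it equals the
    target domain or is a subdomain of it."""
    domain = domain.lower().rstrip(".")
    for name in names:
        n = name.lower().rstrip(".")
        if n == domain or n.endswith("." + domain):
            return True
    return False


def heloptr_match(helo, connect_ip, sender_domain, resolve=FAKE_DNS_A.get):
    """Hypothetical 'heloptr': substitute the validated HELO name for the
    PTR-derived names, then apply the ptr matching rule to the MAIL FROM
    domain. An unvalidated HELO never matches."""
    if not helo_validated(helo, connect_ip, resolve):
        return False
    return ptr_mechanism_match([helo], sender_domain)


if __name__ == "__main__":
    # The dynamic-looking customer host matches example.com just as the
    # real MTA does, which is the caveat raised in the reply.
    for helo in ("hostname.example.com", "dyn-10-1-2-3.customer.example.com"):
        print(helo, heloptr_match(helo, "10.1.2.3", "example.com"))
```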