On Fri, 10 Jul 2009, alan wrote:
> At 21:52 10/07/2009 Friday, Stuart D. Gathman wrote:
>> In my "best-guess" algorithm, a validated HELO (that resolves to the connect ip)
>> is added to the collection of validated PTR records for the PTR mechanism.
> untrue:
> example if a spammer has a bot infecting my home pc
> ptr host244.freudenhaus.alandoherty.net
> he can quite happily connect to you and helo as mail.spammersdomain.com
> and have ensured that mail.spammersdomain.com points at my ip {and possibly
> 100 others, ok 5 }
> thus passing your test but proving nothing of his authenticity {as we know
> the ip is mine not his}

You wouldn't put ptr:spammersdomain.com in your SPF policy (would you?).
It proves that the email was controlled by spammersdomain.com, and
that is the domain that gets blacklisted, not alandoherty.net.

> the checking of ptr > name > ip
> is a method of validating the ip's identity not the helo or the spf records

HELO > name > ip validates helo.

> you can already authorize ips you have no ptr setup for in your spf
That is a fair point: probably strong enough to withdraw the proposal.
Since you (the sender) control the HELO, you can always provide an A mechanism
instead for an SPF policy.
The enhanced PTR (or HELO) mechanism is only really useful in
best-guess algorithms. I was just hoping to help standardize guessing a
little.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
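
The two checks argued over in this thread (ptr > name > ip and HELO > name > ip), as an added example that is not part of the original message or of any SPF implementation. The DNS tables are constructed, 192.0.2.244 is a documentation address standing in for the home PC, and all function names are hypothetical.

```python
# Constructed DNS data (not real records).
A_RECORDS = {
    "host244.freudenhaus.alandoherty.net": {"192.0.2.244"},
    "mail.spammersdomain.com": {"192.0.2.244"},  # zone owner points it at the infected host
    "mail.example.org": {"198.51.100.7"},
}
PTR_RECORDS = {
    "192.0.2.244": ["host244.freudenhaus.alandoherty.net"],
    "198.51.100.7": ["mail.example.org"],
}

def forward_confirms(name, ip):
    """name > ip: True if the name has an A record equal to the connecting IP."""
    return ip in A_RECORDS.get(name.lower().rstrip("."), set())

def validated_ptr_names(ip):
    """ptr > name > ip: PTR names that resolve back to the connecting IP."""
    return [n for n in PTR_RECORDS.get(ip, []) if forward_confirms(n, ip)]

def validated_helo(helo, ip):
    """HELO > name > ip: the HELO name, only if it resolves to the connecting IP."""
    return [helo.lower().rstrip(".")] if forward_confirms(helo, ip) else []

def in_domain(name, domain):
    """True if name is the domain itself or a subdomain of it."""
    return name == domain or name.endswith("." + domain)

def ptr_mechanism(ip, helo, domain, use_helo):
    """Evaluate ptr:<domain>. With use_helo, the validated HELO is added to
    the validated PTR names, as in the best-guess variant discussed above."""
    names = validated_ptr_names(ip)
    if use_helo:
        names += validated_helo(helo, ip)
    return any(in_domain(n, domain) for n in names)
```

With the HELO added, the match is on spammersdomain.com, the domain that controls the forward record; the PTR-only check still ties the address to alandoherty.net alone, and a HELO that does not resolve to the connecting IP adds nothing.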