Stuart D. Gathman wrote:
On Mon, 13 Jul 2009, Alex van den Bogaerdt wrote:
Even if the DNS in-addr.arpa entry points to that bigisp, which then points
back to the IP address, "v=spf1 a -all" will still validate an HELO parameter
like "smtp-out.example.com".
AFAIK, that will validate postmaster(_at_)smtp-out(_dot_)example(_dot_)com, not
user(_at_)example(_dot_)com unless example.com has an A record with the same
number. (In that case it could have just said "HELO example.com".)
I am talking about using the name provided by HELO to validate a MAIL FROM
identity - not the HELO identity.
Would "a:%{h2}" do the trick here?
That was the reason I wondered about an equality relationship. Say
smtp-out is delivering two messages, one from user(_at_)example(_dot_)com and one
from user(_at_)example(_dot_)ORG, a virtual domain. Both messages are delivered
during the same session, but %{h2} is example.com, not .ORG.
I would say that example.com ~ example.ORG iff they share at least one
primary MX. Such relationship would be reflexive and symmetric, but
not necessarily transitive. In addition, it apparently confuses
smtp-out and smtp-in.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com