Stuart D. Gathman wrote:
Here is a little nit that wasn't addressed in RFC4408. If HELO SPF says
to reject, but SPF for MAIL FROM says Pass, which takes precedence? For
spfv1, I think we are stuck with "receiver policy" (especially since
checking HELO is optional). Should we specify a precedence for spfv3?
Make HELO check a MUST? Or keep HELO optional, but give precedence to
MFROM?
Here is an example for the latter. Set SPF for HELO to "v=spfv3sdg -all".
This has the effect of saying "this server only legitimately sends
MFROM with SPF" (with MFROM taking precedence).
We would probably need to specify the whole matrix of MFROM vs HELO
SPF results.
The HELO check should be mandatory, and should take precedence over the
MFROM check. There is no "forwarding problem" (or any other excuse for
failure) with the HELO check. Furthermore, all the "bells and whistles"
in an SPF record should not apply to the HELO check. It should be a
simple Pass/Fail, with an immediate SMTP REJECT on Fail.
This is the only way I can see SPF will ever fulfill its original
promise of eliminating domain name forgery.
--
************************************************************ *
* David MacQuigg, PhD email: macquigg at ece.arizona.edu * *
* Research Associate phone: USA 520-721-4583 * * *
* ECE Department, University of Arizona * * *
* 9320 East Mikelyn Lane * * *
* http://purl.net/macquigg Tucson, Arizona 85710 *
************************************************************ *
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com