spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Resolving MFROM/HELO conflicts

2010-01-13 23:46:04
On Thu, 14 Jan 2010, alan wrote:

but as never should the helo success/pass result be dependant on anything but
its ip my server name doesn't become a forgery just because an unexpected
envelope-sender appears on the email conversely a forgery of my server name
doesn't become legit because an envelope-senders SPF

A good point.  Which leads back to receiver policy as to whether to reject
for either/both.

Rejecting on HELO fail has caused the most ire.  One of my clients lost
a customer because that customer was sending mail with HELO fail,
and got mad when their email was rejected (used a CNAME):

mail.incompetent.com    IN CNAME incompetent.com.
incompetent.com         IN TXT "v=spf1 a mx -all"
incompetent.com         IN A  1.2.3.4

And of course, the IP of the MTA using mail.incompetent.com is not 1.2.3.4 or
any of the mxes.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ 
[http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com