spf-discuss

Re: [spf-discuss] Resolving MFROM/HELO conflicts

2010-01-14 06:31:57
David MacQuigg wrote:
> Stuart D. Gathman wrote:
>> Here is a little nit that wasn't addressed in RFC4408. If HELO SPF says to reject, but SPF for MAIL FROM says Pass, which takes precedence? For spfv1, I think we are stuck with "receiver policy" (especially since checking HELO is optional). Should we specify a precedence for spfv3? Make HELO check a MUST? Or keep HELO optional, but give precedence to MFROM?
>
> The HELO check should be mandatory, and should take precedence over the MFROM check. There is no "forwarding problem" (or any other excuse for failure) with the HELO check. Furthermore, all the "bells and whistles" in an SPF record should not apply to the HELO check. It should be a simple Pass/Fail, with an immediate SMTP REJECT on Fail.

We had already talked with John Klensin about this subject and concluded that it is hardly practicable because of brain-damaged clients out there who don't even know their IP address. John suggested using a different verb, VHLO, for clients who wish to undergo such a severe scrutiny. A "pass" would then result in some sort of whitelisting. I've detailed the finish for this line of thought in http://tools.ietf.org/html/draft-vesely-vhlo

IMHO, in spfv3, we can drop the whole idea of HELO-checking, because backscattering has been substantially reduced in the meantime, while SPF records for host names have never flown.


