At 10:58 15/01/2010 Friday, Ian Eiloart wrote:
> --On 14 January 2010 14:52:40 -0600 Don Lee
> <spfdiscuss(_at_)caution(_dot_)icompute(_dot_)com> wrote:
>> On the one hand, CNAME for HELO is all too common (and accepted - wrong
>> though it may be), but HELO that does not resolve, or does not have
>> port 25 open on the resolved IP is more and more commonly the reason
>> for mail from that server being rejected.
> There's no reason that my sending mail server should have port 25 open. Many
> sites separate their outbound and inbound servers. Sender verifications rely
> on MX records, which could point anywhere.
I agree most large providers would be the
MX is totally unrelated to legit HELO clients
port 25 is only related to MX, thus totally unrelated to HELO clients
legit HELO clients are only required by absolutely extreme best practices to
A HELO as a name that is resolvable by A to its connecting from ip #counter forgery
B have a PTR > PTRNAME > IP, FQRDNS #traceability of owner
C have an SPF for HELO that authorises its connecting ips #counter forgery
  if present A unnecessary, as this provides #proof of A, and intent to use this domain for HELO
D CSV for HELO if possible #counter forgery equivalent to C
E PTRNAME in the same domain as HELO #proof that traceable owner is person operating sending software #anti malware/trojan
F PTRNAME != HELO #proof that sending software is not just malware using its FQRDNS
  #as otherwise A+C/D+E proves nothing about this connection #just that the IP does also originate mail
G PTRNAME using .mxout. #tiny extra points for trying to please everyone
even in this draconian {but easy to implement on any existing setup} list of requirements doesn't tie MX to HELO
or require port 25 open on senders {as no one should}
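The A to G checklist in the message above, as an added example that is not part of the original post: a receiver-side scoring of one connection's HELO against constructed, pre-resolved DNS data, with no MX lookup and no port 25 probe. The names `Dns`, `helo_checks` and `base_domain` are hypothetical; the SPF (C) and CSV (D) results are assumed to be evaluated elsewhere and passed in, and "same domain" is approximated by the last two labels.

```python
from dataclasses import dataclass, field

@dataclass
class Dns:  # hypothetical container of pre-resolved lookups so the example runs offline
    a: dict = field(default_factory=dict)    # name -> set of IPs (A records)
    ptr: dict = field(default_factory=dict)  # ip -> PTR name

def base_domain(name):
    # Simplification (assumption): last two labels; real code would use the Public Suffix List.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def helo_checks(helo, ip, dns, spf_helo=None, csv_ok=None):
    """Return {letter: True/False/None}; None means not published or not evaluated."""
    helo = helo.rstrip(".").lower()
    ptrname = dns.ptr.get(ip)
    ptrname = ptrname.rstrip(".").lower() if ptrname else None
    has_ptr = ptrname is not None
    return {
        "A": ip in dns.a.get(helo, set()),                         # HELO resolves to connecting IP
        "B": has_ptr and ip in dns.a.get(ptrname, set()),          # PTR > PTRNAME > IP
        "C": None if spf_helo is None else spf_helo == "pass",     # SPF result for the HELO identity
        "D": csv_ok,                                               # CSV result, if the site uses it
        "E": has_ptr and base_domain(ptrname) == base_domain(helo),
        "F": has_ptr and ptrname != helo,                          # HELO is not just the host's rDNS
        "G": has_ptr and "mxout" in ptrname.split("."),            # PTRNAME carries an mxout label
    }

# Constructed sample data (documentation address ranges and example domains).
DNS = Dns(
    a={"mail.example.net": {"192.0.2.10"},
       "out1.mxout.example.net": {"192.0.2.10"},
       "host7.isp.example": {"198.51.100.7"}},
    ptr={"192.0.2.10": "out1.mxout.example.net",
         "198.51.100.7": "host7.isp.example"},
)

if __name__ == "__main__":
    cases = [("mail.example.net", "192.0.2.10", "pass"),  # dedicated outbound relay
             ("host7.isp.example", "198.51.100.7", None),  # HELO equals its own rDNS name
             ("mail.example.net", "203.0.113.5", None)]    # HELO name used from an unrelated IP
    for helo, ip, spf in cases:
        print(helo, ip, helo_checks(helo, ip, DNS, spf_helo=spf))
```

The second case passes A, B and E yet fails F, which is the situation the message describes for F: the other checks then show only that the IP also originates mail.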