In my "best-guess" algorithm, a validated HELO (that resolves to the connect ip)
is added to the collection of validated PTR records for the PTR mechanism.
I propose to make this a MUST behaviour for spfv3. Many small businesses
on DSL or Cable internet find it difficult to get their ISP to maintain
PTR records. The HELO name in an SMTP connection serves the same purpose
as a PTR record, and is already available. PTR lookups are a waste
of bandwidth (for authentication purposes) when HELO is available and valid.
While SPF macros can select the rightmost parts of HELO, and it is
possible for SPF to verify that HELO matches the connect ip (somewhat
kludgily), I haven't hit on a way to check that the rightmost parts
of HELO match the MAILFROM domain using spfv1.
A literal compare operation added to spfv3 could serve the same purpose,
but I don't have any concrete syntax proposals.
--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
is added to the collection of validated PTR records for the PTR mechanism.
I propose to make this a MUST behaviour for spfv3. Many small businesses
on DSL or Cable internet find it difficult to get their ISP to maintain
PTR records. The HELO name in an SMTP connection serves the same purpose
as a PTR record, and is already available. PTR lookups are a waste
of bandwidth (for authentication purposes) when HELO is available and valid.
While SPF macros can select the rightmost parts of HELO, and it is
possible for SPF to verify that HELO matches the connect ip (somewhat
kludgily), I haven't hit on a way to check that the rightmost parts
of HELO match the MAILFROM domain using spfv1.
A literal compare operation added to spfv3 could serve the same purpose,
but I don't have any concrete syntax proposals.
--
Stuart D. Gathman <stuart@bmsi.com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com