[RFCI-Discuss] DSN listing of secureserver.net
Alex van den Bogaerdt
alex at ergens.op.het.net
Wed Oct 25 08:34:20 EDT 2006
On Wed, Oct 25, 2006 at 10:20:04AM +0200, Matus UHLAR - fantomas wrote:
> Aha, this was the problem, I missed it too when set up SPF records...
> problem explained.
A long time ago, when SPF was still under development, helo checking
was optional. However, in the current specification is is no longer.
Yes, _verifying_ the parameter is optional but, because receivers have
a choice, senders MUST publish spf information for it.
rfc4408:
It is RECOMMENDED that SPF clients not only check the "MAIL FROM"
identity, but also separately check the "HELO" identity by applying
the check_host() function (Section 4) to the "HELO" identity as the
<sender>.
rfc4408:
An SPF-compliant domain MUST publish a valid SPF record as described
in Section 3. This record authorizes the use of the domain name in
the "HELO" and "MAIL FROM" identities by the MTAs it specifies.
rfc4408:
At least the "MAIL FROM" identity MUST be checked, but it
is RECOMMENDED that the "HELO" identity also be checked beforehand.
and so on and so on.
__IF__ the sender is the null sender, SPF is going to check
postmaster@${hellodomain}. That does not mean a limit of where
the hello domain is used and/or checked. It certainly is not
true that this domain is only used in case of the null sender.
Alex
More information about the RFCI-Discuss
mailing list