[RFCI-Discuss] DSN listing of secureserver.net
T
tymes10 at gmail.com
Sat Oct 28 06:00:19 EDT 2006
On 10/25/06, Alex van den Bogaerdt <alex at ergens.op.het.net> wrote:
> On Wed, Oct 25, 2006 at 10:20:04AM +0200, Matus UHLAR - fantomas wrote:
>
> > Aha, this was the problem, I missed it too when set up SPF records...
> > problem explained.
>
> A long time ago, when SPF was still under development, helo checking
> was optional. However, in the current specification is is no longer.
Wow, thats good/interesting news.
> identity, but also separately check the "HELO" identity by applying
> the check_host() function (Section 4) to the "HELO" identity as the
> <sender>.
>
> rfc4408:
> An SPF-compliant domain MUST publish a valid SPF record as described
> in Section 3. This record authorizes the use of the domain name in
> the "HELO" and "MAIL FROM" identities by the MTAs it specifies.
>
> rfc4408:
> At least the "MAIL FROM" identity MUST be checked, but it
> is RECOMMENDED that the "HELO" identity also be checked beforehand.
>
> and so on and so on.
>
>
> __IF__ the sender is the null sender, SPF is going to check
> postmaster@${hellodomain}. That does not mean a limit of where
> the hello domain is used and/or checked. It certainly is not
> true that this domain is only used in case of the null sender.
>
Cool.... Yeah, I currently do already check them anyways, I don't
give them any weight, but I just check them... perhaps I'm allowed to
give them a little weight too...
That would be nice.
More information about the RFCI-Discuss
mailing list