Franck Martin <fra...@peachymango.org> writes:

> Yes, RFC7208 says evaluate both in parallel, but the result
> of an spf=pass/fail is highly constrained on the success or
> failure of the MAIL FROM spf test.

Actually, it recommends checking the HELO identity first,
because if you get a definite result from that, you may not
have to evaluate the MAIL FROM identity at all.

> I mean, it seems quite rare to find an SPF record on the
> HELO string but not one on the MAIL FROM string

I have no stats on how rare it is, but I can show you an
example for one of my home domains:

  # host -t txt quill.porcupine.ca
  quill.porcupine.ca descriptive text "v=spf1 +a -all"

  # host -t txt porcupine.ca
  porcupine.ca descriptive text "v=spf1 +mx ?all"

... that is, if anyone tries to HELO as host "quill" and isn't
coming from my IP address, you can reject that mail out of
hand as a fake ("-all").

However, if the envelope sender is in my domain, then if it
came from my MX, it's almost certainly good (lower its spam
score), but if not, perhaps someone is forwarding their mail,
and I don't want their final receiving ISP to drop my message,
which is why "?all" in that case.

(And yes, forwarded bounce mail originally from my mailer will
fail the "MAIL FROM constructed from HELO" test, but I think I
mostly avoid backscatter, so that's not too serious.)


Anne.
-- 
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
a...@encs.concordia.ca                                    +1 514 848-2424 x2285

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
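The HELO-first evaluation described above, as an added example that is not part of the thread: a minimal SPF evaluator (the a/mx/all subset of RFC 7208) run over a constructed in-memory DNS table holding the two records quoted in the post. The A and MX glue, the IP addresses (documentation ranges) and the policy actions are assumptions made for the example.

```python
# Added example, not code from the post. Simulates RFC 7208 check_host()
# for a/mx/all and applies Anne's HELO-first ordering on top of it.
from typing import Dict, Tuple

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed DNS data: the two TXT records from the post, plus assumed
# A/MX entries so that the "a" and "mx" mechanisms have something to match.
DNS: Dict[str, Dict[str, list]] = {
    "quill.porcupine.ca": {"TXT": ["v=spf1 +a -all"], "A": ["192.0.2.10"]},
    "porcupine.ca": {"TXT": ["v=spf1 +mx ?all"], "MX": ["quill.porcupine.ca"]},
}

def lookup(name: str, rtype: str) -> list:
    return DNS.get(name, {}).get(rtype, [])

def check_host(ip: str, domain: str) -> str:
    """RFC 7208 check_host() restricted to the a, mx and all mechanisms."""
    spf = [t for t in lookup(domain, "TXT") if t.startswith("v=spf1 ")]
    if not spf:
        return "none"  # domain publishes no SPF record
    for term in spf[0].split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech == "a" and ip in lookup(domain, "A"):
            return QUALIFIERS[qual]
        if mech == "mx" and any(ip in lookup(mx, "A")
                                for mx in lookup(domain, "MX")):
            return QUALIFIERS[qual]
    return "neutral"  # nothing matched and no explicit "all" (RFC 7208 s4.7)

def evaluate(ip: str, helo: str, mail_from: str) -> Tuple[str, str, str]:
    """HELO first: a definite HELO fail settles the message ("reject out of
    hand"); otherwise fall through to MAIL FROM. An empty MAIL FROM (bounce)
    is checked as postmaster@<HELO>, as RFC 7208 s2.4 prescribes."""
    helo_result = check_host(ip, helo)
    if helo_result == "fail":
        return ("helo", helo_result, "reject")
    domain = mail_from.rsplit("@", 1)[-1] if mail_from else helo
    mf_result = check_host(ip, domain)
    action = {"pass": "lower spam score", "fail": "reject"}.get(
        mf_result, "accept, no SPF weight")  # neutral/softfail/none: forwarders etc.
    return ("mailfrom", mf_result, action)
```

The third case in the test (unknown HELO host, mail from porcupine.ca via a non-MX address) is the forwarding scenario that "?all" is there to protect.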
