On 2010-02-14 19:20, dar...@chaosreigns.com wrote:
On 02/14, Jonas Eckerman wrote:
The SPF record above says that a host using "panic.chaosreigns.com" in HELO should not be allowed to send mail unless it has the IP address 64.71.152.40, regardless of the domain in the envelope from, From: header, etc..
You're right, I missed that, thank you. The complication, of course, is where a spammer owns the (forgable) HELO domain but not the IP (PTR). Full circle DNS handles that. Has the combination been implemented?
I've no idea wether any software actually checks the combination of HELO SPF and FCDNS. It does seem a logical thing to do in software like SpamAssassin or MIMEDefang. Maybe I should implement it in my MIMEDefang filter just to log the results and see if it'd be a good idea to reject on it...
Possibly a lack of separate SPF records for HELO and MAIL FROM if they are the same.
Agreed. I think they should have separated those records. But then I also think they should have created an _spf subdomain from the start instead of using the TXT record for the domain without any special qualifier...
Regards /Jonas -- Jonas Eckerman Fruktträdet & Förbundet Sveriges Dövblinda http://www.fsdb.org/ http://www.frukt.org/ http://whatever.frukt.org/