[Wylug-discuss] SPF + SMTP (was Re: SMTP standards ...)

Jim Jackson jj at comp.leeds.ac.uk
Mon Mar 29 11:34:19 BST 2004


On Sun, 28 Mar 2004, James Holden wrote:

> That's "broken" too then. Nigels exim setup also does sender
> verification, which IMO is far more sensible than rejecting at the EHLO
> stage. joe at company.com still exists, even if postmaster at company.com is a
> clueless twerp (who's probably using MS Exchange).
>
> "An SMTP server MAY verify that the domain name parameter in the EHLO
> command actually corresponds to the IP address of the client.
> However, the server MUST NOT refuse to accept a message for this
> reason if the verification fails: the information about verification
> failure is for logging and tracing only."
>
> Emphasis *not* added by me.

Using the broken ehlo/hello stuff later on in spam scoring is a very
useful tool. But it's then up to end users to accept/reject depending on
spam scores. And NO RFC can dictate what MY policy is for binning or
dealing with email in my inbox :-)

On the theme of checking envelope stuff has anyone looked at SPF (sender
policy framework - http://spf.pobox.com - it a draft IETF RFC)?
It looks promising to me, while I realise there are serious problem -
mainly forwarding and the need for something like the Sender Rewriting
Scheme (see same site) or similar.

I know there are a few ISP people on the list and I'd interested in their
organisations are looking at this? There is some discussion here at Leeds
Uni about using it.




More information about the Wylug-discuss mailing list