On 30 Jan 2021, at 13:23, John Levine wrote:
In article <[email protected]> you
write:
The issue isn’t the existing use of HELO names, it’s how they
could
be (mis-)used. The fact that a message sender can put anything there
makes HELO basically meaningless.
This is DMARC -- the HELO domain has to match the header From: and
there
has to be an SPF record that validates it.
True, but only if the MAIL FROM address is null and there isn’t a
valid aligned DKIM signature.
The most plausible case is that it's a bounce messsage
From: [email protected]
the MAIL FROM is null, HELO is mta27.foo.bar.example.com, and the SPF
record for mta27.foo.bar.com says that IP is OK.
So in this case, why involve the HELO at all? One could just check the
SPF record of the header From: that it’s trying to align with. Except
that’s probably SenderID, not SPF.
-Jim
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
