I would be happy to have you or anyone else explain to me:
(a) What data indicates that a non-trivial number of servers have SPF
policies on their host name, and
(b) How the answer to that lookup provides information useful to an
evaluation decision.

HELO authentication is easily provided for himself by an attacker using
owned infrastructure, so it is not actionable even in the unlikely event
that it is detected.

That part of the spec is simply not useful.


DF


On Fri, Jun 7, 2024, 4:20 AM Richard Clayton <[email protected]> wrote:

> In message <[email protected]
> il.com>, Douglas Foster <[email protected]> writes
>
> >Here is an example of the real problem:
> >
> >Example.com is hosted on Outlook.com
> >
> >The user's mailbox is full, so
>
> so hopefully you get a 4xx or 5xx to that effect and your own server
> tells you of the issue, but playing along ...
>
> >I get a bounce message with these
> >characteristics:
> >From:  [email protected]
> >MailFrom: <null>
> >Helo:   servername.protection.outlook.com
>
> are you sure that you don't get a bounce message from
> [email protected] ?
>
> which would of course be authenticated just fine
>
> >How does it help my evaluation to do an SPF test on the HELO name?
>
> because you want to follow the spec ?
>
> --
> richard                                                   Richard Clayton
>
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
>
> _______________________________________________
> dmarc mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>