Agreed. We tried this in $OLD_JOB, but it didn’t last very long…

--
Anthony Rodgers
Security Analyst
Michigan Security Operations Center (MiSOC)
DTMB, Michigan Cyber Security

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Franck Martin
Sent: Tuesday, July 07, 2015 14:41
To: tqr2813d376cjozqa...@tutanota.com
Cc: Brandon Long; mailop; John R Levine
Subject: Re: [mailop] EHLO/rDNS match

On Mon, Jul 6, 2015 at 5:34 PM, <tqr2813d376cjozqa...@tutanota.com> wrote:

7. Jul 2015 00:22 by jo...@taugh.com:

-all only means something if it's by itself, ie as used to say a domain never sends email.

The SPF crowd would claim otherwise, that -all means reject the message with or without other stuff, but I agree that in practice you can't do that other than for plain -all meaning we send no mail.

If bigger carriers like Google or Yahoo suddenly started sending perm/temp errors where appropriate for validation errors (too many DNS lookups, malformed record, etc), -all, and others it might kick enough people in the rear that the practice then becomes OK. Or so I would hope. :)

When you do such things, you have to figure out how many "legitimate" messages you will be blocking. You will then have to figure out which helpdesk is going to explode, the sender one, or the receiver one? Considering many people don't look at their logs nor understand bounce messages (they are ghastly).

There is very very little incentive for a receiver to enforce to the letter the RFCs.

_______________________________________________
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop