Re: [Asrg] SPF's helo identity as a reporting target

Alessandro Vesely <vesely@tana.it> Sun, 13 May 2012 09:58 UTC


On Sun 13/May/2012 11:07:45 +0200 Chris Lewis wrote:
> On 12-05-12 03:59 AM, Alessandro Vesely wrote:
>> This probably belongs to ASRG, not only because MARF has finished, but
>> also because a *Taxonomy of reporting targets* should be hosted
>> somewhere, and I'm unable to think of a better place than this list's
>> wiki.
>> 
>> Opinions?
> 
> It would be nice if it could be made usable.
> 
> This would tend to make a large organization having all of their servers
> helo exactly the same way, which flies in the face of industry BCP (eg:
> MAAWG), and even if it wasn't specifically RFC5321-illegal, clearly
> violates its intent.

I see nothing wrong if an organization uses the same helo name for all
its mailouts.  A helo name does not have to be a label of any DNS
record.  However, in case it has an SPF record it could be validated.

> The absolute death of this proposal is, though, that it puts the abuse
> reporting address under the control of the spammer and becomes a DDoS
> weapon.
> 
> I could just see it - it gets implemented for tana.it, and the next
> day's blast of 10 billion cutwail botnet spams uses "HELO tana.it".
> 
> Kaboom!!!

No, wait.  Didn't I say it has to get an SPF "pass" to get usable?
I must have considered it implied... my bad.

An idea is that if you offer virtual MTA services, you may want to get
complaints.  Unless you hijack each customer's abuse@, using helo
names might be more practical than relying on the RIRs' whois, depending
on your network providers.  But did anyone try that?  And if anyone
did, where do they publish their experiences?  Where do postmasters
learn to target complaints effectively?
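As an added illustration of the safeguard discussed above (this is not code from the thread), the following Python sketch derives a reporting target from the HELO name only when that identity gets an SPF "pass" for the connecting IP, so a forged "HELO tana.it" from a botnet yields no target. The SPF records and addresses are constructed for the example, and the abuse@<helo> mailbox and the ip4/ip6-only SPF subset are assumptions.

```python
import ipaddress

# Constructed SPF records standing in for DNS TXT lookups (not real data).
SPF_RECORDS = {
    "mailout.example.net": "v=spf1 ip4:192.0.2.0/24 -all",
    "tana.it": "v=spf1 ip4:198.51.100.10 -all",
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_helo_spf(helo, client_ip, records):
    """Evaluate the SPF record of the HELO identity against the client IP.

    Assumption: only ip4/ip6 mechanisms and 'all' are supported; any other
    mechanism (include, a, mx, redirect) yields 'permerror' in this sketch.
    """
    record = records.get(helo.lower())
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return RESULT_FOR_QUALIFIER[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == net.version and ip in net:
                return RESULT_FOR_QUALIFIER[qualifier]
        else:
            return "permerror"
    return "neutral"  # no mechanism matched and no 'all' term present


def reporting_target(helo, client_ip, records):
    """Return abuse@<helo> only on an SPF 'pass' for the HELO identity.

    Any other result returns None, so the sender cannot steer complaints
    at a third party simply by choosing a victim's name in HELO.
    """
    if check_helo_spf(helo, client_ip, records) == "pass":
        return "abuse@" + helo.lower()
    return None
```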