SPF checking HELO/EHLO host names

Friday, 16 October 2009

It has come to our attention that more e-mail servers are now performing SPF checks on the SMTP session HELO/EHLO greeting host name (in addition to checking the domain name part of the sender's e-mail address).

Therefore always make sure that your e-mail server is configured to use a correct host name (like "mail.example.com") in the HELO/EHLO greeting, and that an A- and/or AAAA-record exists for this host name in DNS.

Also, when using the "Automatic SPF" feature in Simple DNS Plus, make sure that the automatic SPF-record data is also valid for the HELO/EHLO host name, or define a specific SPF-record for the HELO/EHLO name in the zone where this belongs (this will override the automatic SPF record).

Note that the default automatic SPF record data "v=spf1 mx -all" will fail such a test if no MX-record exists for your HELO/EHLO name.
For example, if your domain name is "example.com" and your mail server is named "mail.example.com" (and uses this in HELO/EHLO greetings), you would probably only have an MX-record for "example.com" - not for "mail.example.com", and therefore "v=spf1 mx -all" fails to validate "mail.example.com".
Instead you could use "v=spf1 ip4: -all" (where is the IP address of your mail server), which would work for both types of tests.

For more information about SPF in Simple DNS Plus, see KB1148.
Be the first to comment on this page:
(Never published. Used for replies and to show your Gravatar icon. Never used for any other purpose.)