SPF checking HELO/EHLO host names

Friday, 16 October 2009

It has come to our attention that more e-mail servers are now performing SPF checks on the SMTP session HELO/EHLO greeting host name (in addition to checking the domain name part of the sender's e-mail address).

Therefore always make sure that your e-mail server is configured to use a correct host name (like "mail.example.com") in the HELO/EHLO greeting, and that an A- and/or AAAA-record exists for this host name in DNS.

Also, when using the "Automatic SPF" feature in Simple DNS Plus, make sure that the automatic SPF-record data is also valid for the HELO/EHLO host name, or define a specific SPF-record for the HELO/EHLO name in the zone where this belongs (this will override the automatic SPF record).

Note that the default automatic SPF record data "v=spf1 mx -all" will fail such a test if no MX-record exists for your HELO/EHLO name.
For example, if your domain name is "example.com" and your mail server is named "mail.example.com" (and uses this in HELO/EHLO greetings), you would probably only have an MX-record for "example.com" - not for "mail.example.com", and therefore "v=spf1 mx -all" fails to validate "mail.example.com".
Instead you could use "v=spf1 ip4: -all" (where is the IP address of your mail server), which would work for both types of tests.
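The two checks described above can be compared side by side. This is an added example, not code from Simple DNS Plus: a small offline evaluator for a subset of SPF (ip4, a, mx, all) run against a constructed zone. It assumes the same SPF text is served for both "example.com" and "mail.example.com"; the address 192.0.2.25 and the helper names are made up for illustration.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def make_zone(spf):
    """Constructed zone: the same SPF text is served for both names (assumption)."""
    return {
        "example.com": {"MX": ["mail.example.com"], "TXT": spf},
        "mail.example.com": {"A": ["192.0.2.25"], "TXT": spf},
    }

def check_spf(identity, client_ip, zone):
    """Evaluate ip4, a, mx and all for one identity (MAIL FROM domain or HELO name)."""
    record = zone.get(identity, {}).get("TXT", "")
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    hosts = lambda name: zone.get(name, {}).get("A", [])
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        name, _, arg = mech.partition(":")
        target = arg or identity
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = client_ip in hosts(target)
        elif name == "mx":
            # No implicit-MX fallback: a name without MX records never matches.
            exchangers = zone.get(target, {}).get("MX", [])
            matched = any(client_ip in hosts(mx) for mx in exchangers)
        else:
            return "permerror"  # mechanism or modifier outside this subset
        if matched:
            return RESULT[qualifier]
    return "neutral"

def compare(spf, client_ip="192.0.2.25"):
    """Return (MAIL FROM result, HELO result) for one SPF record text."""
    zone = make_zone(spf)
    return (check_spf("example.com", client_ip, zone),
            check_spf("mail.example.com", client_ip, zone))

if __name__ == "__main__":
    for spf in ("v=spf1 mx -all", "v=spf1 ip4:192.0.2.25 -all"):
        print(f"{spf!r}: MAIL FROM / HELO = {compare(spf)}")
```

With "mx", the sender-domain check passes while the HELO check fails, because "mail.example.com" has no MX-record of its own; with "ip4", both checks pass for the mail server's address.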

For more information about SPF in Simple DNS Plus, see KB1148.