On Thu, 6 Apr 2006, Matthew Elvey wrote:
From the soon to-be Experimental RFC:
It is RECOMMENDED that SPF clients check not only check the "MAIL FROM"
identity, but also separately check the "HELO" identity ....
SPF clients MUST check the "MAIL FROM" identity.
At the time of this writing, many otherwise legitimate E-Mails are
delivered with invalid HELO domains.
As I and others have said before, the HELO check ought to be a MUST as
MUST does not match current deployment. Since SPF draft tries to document
how SPF is used right now, we can not change to MUST in v=spf1 spec.
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com