On Fri, 9 Jan 2009, Scott Kitterman wrote:
AFAIK, no. There are people that will argue layer violations, but I'm
completely unaware of any real situations where it would be problematic.
RFC4408 explicitly says to apply SPF to HELO for empty MAIL FROM.
I guess the leap here is to apply it to HELO for all MAIL FROMs.
(The only case I can think of is where the admin depends on softfail, and
deliberately uses an MTA that is not in the explicit IP list.
That would be a really dumb thing to do, but......)
If this is correct, it would be good to add a few words in the "marketing
literature" to say so.
I believe it's correct.
I'm all in favor of better marketing literature, but lack the time to write
it. Patches gratefully accepted.
If you (or anyone) has suggestions on how better to describe this on the
openspf.org web site, please send text.
The CSV folks won't be happy. CSV does a slightly better job at HELO
checking - but hasn't gotten the traction. I've had CSV checking on
my TODO list for some time - any examples of real CSV records out there?
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com