ietf-clear

[clear] Verifying EHLO name with dns A (or AAAA) RR matching SMTP client ip

2005-07-05 09:44:03

I'm curious whether CSV considered situations where the HELO/EHLO name has
a DNS A record that properly matches the IP address of the SMTP client.

This appears to provide the same kind of verification that the EHLO name is
true and being used by the appropriate client as what CSV is trying to do.

I understand not every SMTP client is able to have this setup and have a
properly matching 'A' record, but it might be a good idea for CSV to
consider this to be kind of like legacy EHLO verification and build on
it, so that if the CSV SRV record fails and 'A' does match appropriately,
then CSV be considered to have been verified anyway.

While CSV should not say that any mail system just doing EHLO verification
and only checking if 'A' matches the SMTP client (like Sureh does) is a CSV
compliant verifying system, it might be a good idea to say that mail systems
that have a properly matching EHLO 'A' record are CSV compliant as far as
their published DNS records go. Considering that there are a lot of
systems like that, this could be beneficial to the promotion of CSV and
of EHLO verification in general.

BTW - Assume that when I say "A" record, this is also meant to include
"AAAA" if the SMTP client is using IPv6.

---------------------------------------------------------------------------

That I'm writing about this here should not be taken as my support for CSV.
I support having the EHLO identity properly verified in the SMTP session in
general - be it with SPF EHLO or CSV, and both are able to do what is needed.

Also, I'll be proposing something similar to the above for SPF - in their
case it would be an assumption that if there is no SPF record for the EHLO
host, "spf a ?all" is to be considered a safe default record to use.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
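
Added example (not part of the original message, and not code from the CSV or SPF drafts): a sketch of the receiver-side check the message proposes, where an EHLO name counts as verified if the CSV check passed or, failing that, if one of its A/AAAA records equals the connecting client address. The function names, the `csv_passed` input and the DNS table are assumptions made for illustration; the table is constructed sample data standing in for real lookups.

```python
import ipaddress

# Constructed forward-DNS data (documentation address ranges only);
# it stands in for real A and AAAA lookups so the example runs offline.
SAMPLE_DNS = {
    "mail.example.org": ["192.0.2.25", "2001:db8::25"],
    "mx.example.net": ["198.51.100.7"],
}


def lookup_addresses(name, dns=SAMPLE_DNS):
    """Hypothetical resolver: A and AAAA data for name, case-insensitive."""
    return dns.get(name.rstrip(".").lower(), [])


def normalize(ip_text):
    """Parse an address; unwrap IPv4-mapped IPv6 so it compares as IPv4."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def ehlo_forward_match(ehlo_name, client_ip, dns=SAMPLE_DNS):
    """True if some A/AAAA record of the EHLO name equals the client address."""
    # Address literals such as [192.0.2.25] and unqualified names prove
    # nothing about a domain identity, so they never match.
    if ehlo_name.startswith("[") or "." not in ehlo_name.rstrip("."):
        return False
    client = normalize(client_ip)
    return any(normalize(rr) == client for rr in lookup_addresses(ehlo_name, dns))


def verify_ehlo(ehlo_name, client_ip, csv_passed, dns=SAMPLE_DNS):
    """csv_passed is the outcome of a separate CSV SRV check (assumed input).
    The address-match fallback follows the proposal in the message above."""
    if csv_passed:
        return "verified-csv"
    if ehlo_forward_match(ehlo_name, client_ip, dns):
        return "verified-address-match"
    return "unverified"
```

Comparing parsed addresses rather than strings matters here: a dual-stack listener may report an IPv4 client as `::ffff:192.0.2.25`, and IPv6 text has many equivalent spellings.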