On Sun, 9 Jan 2005 21:24:02 +0000, Tony Finch wrote:
SPF isn't good enough for HELO verification, because it doesn't have a way
of distinguishing between a HELO name that is invalid for legacy reasons
and a HELO name that is invalid for malicious reasons. CSA will have a
mechanism to do this.
This kind of mechanism is less necessary for mail domains (SPF's main
target) than for HELO names, because a mail domain MUST have a valid MX,
A, or AAAA record in the DNS, whereas historical practice allows HELO
names to be completely bogus. About a third of sites rely on this loop
Yes.
More generally, we need to be careful not to conflate statements about
authorship with statements about operations. The From/Sender/MailFrom domains
involve folks directly involved in the content. HELO involves an agency that
is providing transport, pretty much independent of content.
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net