In respons to Andy's original post. It looks reasonable to me.
It is pretty much what I have been saying all along.
Someone please explain why checking HELO, in case of _null_
MAIL FROM, is a bad idea.
Otherwise, I really like the acknowledgement that the
receiver will decide which identity to verify.
I think checking HELO is a great idea in any circumstance.
I don't think that a fail result has a great deal of utility
but a positive result is useful.
But what does it have to do with MARID? HELO should contain
the DNS name of the MTA. You can do a forward check of that
for consistency without the need for MARID.
The problem with HELO is that there is a lot of goop out there
which just sends any old garbage. If we try to make the HELO
check more precise we are going to end up requiring changes
that require MTA code to change.
I believe there is a hierarchy of infrastructure to be protected
from mandated change that results from the difficulty of change
as follows
Highest Protection
MUAs
Originating MTAs
Non-commercial intermediaries (mailing lists)
Commercial intermediaries (forwarders, postcard sites)
Commercial Services
Lowest Protection
The reason I would list commercial as lower protection than non-commercial
is that the green stuff tends to create incentive to stay current.
Phill