Alan DeKok wrote:
"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> wrote:
The thing I don't understand about HELO schemes is what they buy that we
would not get from simply requiring senders to give a domain name that
correctly resolves to the IP address of the sender server.
A little more flexibility.
Additionally, specifying first a scheme for validating HELO allows easy
extensibility to other 'identities'. In SPF syntax, the record used to mean
"any MTA that can call itself example.com can send with MAIL FROM:
*(_at_)example(_dot_)com" could simply be "v=spf1 helo".
This provides some separation of accountability for the MTA itself vs. the
messages transmitted through it. Perhaps major ISPs, e.g. AOL, would want to
protect themselves from random MTAs claiming to be AOL systems, but not want
to immediately stop their users (and others, of course) from using MAIL FROM
jrandomusername(_at_)aol(_dot_)com.
This is, I think, a useful gradation.
Philip Miller
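
The separation described in the message above, as an added example that is not part of the original post: the HELO name and the MAIL FROM domain receive independent verdicts. The `helo` mechanism is the post's proposal rather than standard SPF, its exact-match semantics are an assumption, and every name, address and record below is constructed sample data (`isp.example` stands in for a large ISP).

```python
# Constructed DNS data; a real checker would query A/TXT records instead.
A_RECORDS = {
    "example.com": {"192.0.2.10"},
    "mail.isp.example": {"198.51.100.5"},
    "relay.example.net": {"203.0.113.7"},
}
POLICIES = {
    # MAIL FROM for example.com is tied to a verified HELO of example.com.
    "example.com": "v=spf1 helo",
    # isp.example publishes no MAIL FROM policy; only its HELO names are checked.
}


def _norm(name):
    return name.lower().rstrip(".")


def helo_verified(helo_name, client_ip):
    """HELO check: the claimed name must resolve to the connecting address."""
    return client_ip in A_RECORDS.get(_norm(helo_name), set())


def evaluate(client_ip, helo_name, mail_from):
    """Return (helo_verdict, mail_from_verdict) as two separate results."""
    helo_ok = helo_verified(helo_name, client_ip)
    helo_verdict = "pass" if helo_ok else "fail"

    domain = _norm(mail_from.rsplit("@", 1)[-1])
    policy = POLICIES.get(domain)
    if policy is None or policy.split()[0] != "v=spf1":
        return helo_verdict, "none"  # domain makes no MAIL FROM statement

    # Assumed semantics of the proposed "helo" mechanism: it matches when the
    # verified HELO name is exactly the MAIL FROM domain.
    if "helo" in policy.split()[1:] and helo_ok and _norm(helo_name) == domain:
        return helo_verdict, "pass"
    # No mechanism matched and the record has no "all": SPF's default is neutral.
    return helo_verdict, "neutral"


if __name__ == "__main__":
    print(evaluate("192.0.2.10", "example.com", "user@example.com"))
    print(evaluate("203.0.113.7", "mail.isp.example", "jrandomusername@isp.example"))
    print(evaluate("203.0.113.7", "relay.example.net", "jrandomusername@isp.example"))
```

The last two calls show the gradation: an MTA falsely claiming an ISP host name fails the HELO check, while the ISP's users sending through another, correctly identified MTA are not rejected on MAIL FROM.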