"Meng" == Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>
writes:
Meng> OK, if CSV's authentication procedure is "does an A lookup
Meng> on the HELO name describe the client IP" then yes, it is
Meng> just as cacheable.

No, an SRV lookup on the HELO (then an A lookup on the result of that).
I think it works like an SPF record containing a single 'a' mechanism.

Meng> If an ISP wants to set a policy where it always says
Meng> HELO isp.com
Meng> instead of
Meng> HELO mx-1.isp.com HELO mx-2.isp.com HELO mx-3.isp.com
Meng> then the CSV authentication procedure may not be sufficient.

Normally you'd be expected to have something like:

    mx-1.isp.com.                 IN A    1.1.1.1
    mx-2.isp.com.                 IN A    2.2.2.2
    mx-3.isp.com.                 IN A    3.3.3.3
    _client._smtp.mx-1.isp.com.   IN SRV  1 2 mx-1.isp.com.
    _client._smtp.mx-2.isp.com.   IN SRV  1 2 mx-2.isp.com.
    _client._smtp.mx-3.isp.com.   IN SRV  1 2 mx-3.isp.com.

But if you really want to use HELO isp.com, then in CSA I think it is:

    mx-1.isp.com.                 IN A    1.1.1.1
    mx-2.isp.com.                 IN A    2.2.2.2
    mx-3.isp.com.                 IN A    3.3.3.3
    _client._smtp.isp.com.        IN SRV  1 2 mx-list.isp.com.
    mx-list.isp.com.              IN A    1.1.1.1
                                  IN A    2.2.2.2
                                  IN A    3.3.3.3

Though the A record could end up getting big for a large ISP -- I
think the draft makes the point that ISPs may wish to change their
HELO strings to avoid saying HELO isp.com

-roy
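
The lookup sequence described in the message above (SRV on the HELO name, then A on the SRV target), as an added example that is not part of the original post or of any CSV/CSA implementation. The zone is constructed in memory from the records in the message (both layouts combined); the function names and the pass/fail/unknown result labels are assumptions, and the numeric SRV fields are carried as posted without being interpreted.

```python
import ipaddress

# Constructed zone data: both record layouts from the message, combined.
# SRV values keep the numeric fields exactly as posted, followed by the target.
ZONE = {
    ("mx-1.isp.com.", "A"): ["1.1.1.1"],
    ("mx-2.isp.com.", "A"): ["2.2.2.2"],
    ("mx-3.isp.com.", "A"): ["3.3.3.3"],
    ("_client._smtp.mx-1.isp.com.", "SRV"): [("1", "2", "mx-1.isp.com.")],
    ("_client._smtp.mx-2.isp.com.", "SRV"): [("1", "2", "mx-2.isp.com.")],
    ("_client._smtp.mx-3.isp.com.", "SRV"): [("1", "2", "mx-3.isp.com.")],
    ("_client._smtp.isp.com.", "SRV"): [("1", "2", "mx-list.isp.com.")],
    ("mx-list.isp.com.", "A"): ["1.1.1.1", "2.2.2.2", "3.3.3.3"],
}


def fqdn(name):
    """Normalise a HELO or record name: lower case, exactly one trailing dot."""
    return name.strip().rstrip(".").lower() + "."


def lookup(name, rtype, zone=ZONE):
    """Stand-in for a DNS query (hypothetical helper); returns [] when absent."""
    return zone.get((fqdn(name), rtype), [])


def check_helo(helo, client_ip, zone=ZONE):
    """Return 'pass', 'fail' or 'unknown' (assumed labels) for a HELO/IP pair."""
    ip = ipaddress.ip_address(client_ip)
    srv = lookup("_client._smtp." + helo, "SRV", zone)
    if not srv:
        return "unknown"  # nothing published for this HELO name
    for *_fields, target in srv:
        # Second step: A lookup on the SRV target, compared with the client IP.
        for addr in lookup(target, "A", zone):
            if ipaddress.ip_address(addr) == ip:
                return "pass"
    return "fail"  # a record exists but does not list this client


if __name__ == "__main__":
    for helo, ip in [("mx-2.isp.com", "2.2.2.2"), ("isp.com", "3.3.3.3"),
                     ("isp.com", "9.9.9.9"), ("other.example", "1.1.1.1")]:
        print(helo, ip, check_helo(helo, ip))
```

A name with no SRV record yields "unknown" rather than "fail", so a receiver can treat non-publishing domains differently from a client using a HELO name it is not listed under.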