In <603278271(_dot_)20040702123837(_at_)brandenburg(_dot_)com> Dave Crocker
<dhc(_at_)dcrocker(_dot_)net> writes:
GC> Mechanically, CSV and SPF are both capable of checking HELO.
Mechanically, CSV and SPF are both fruit. But let me tell you, you do
not want to think about or use durian the same way you think about and
use oranges.
However, your statement highlights a deeper problem in most of the
efforts to discuss CSV and SPF differences: Such efforts are almost
entirely tied to mechanical and syntactic issues and do not focus on
underlying concepts.
CSV and SPF are fundamentally different pardigms.
CSV vets an MTA's traffic.
SPF vets an RFC2822 author/sender's message.
Dave:
You appear to be confusing SPF with Sender-ID. SPF vets the 2821.FROM
and the 2821.HELO. Sender-ID and Caller-ID vet the
2822.From:/Sender:/etc.
I posted the following messages as a direct reply to address your
confusion:
http://www.imc.org/ietf-mxcomp/mail-archive/msg02494.html
Your continued confusing of Sender-ID with SPF is as bad as if people
confused your earlier proposals of DSAR/HNAA with CSV. Worse, it
appears that your confusing is creating problems for others.
Now, since SPF-classic (see link above) doesn't have anything to do
with the 2822 information and *does* validate the HELO domain, most of
your message is, at best, irrelevant.
Granted, SPF-classic's validation of the HELO domain has not been
cited as a key feature of SPF, so this confusion is a little more
understandable. I did address it in this recent message:
http://www.imc.org/ietf-mxcomp/mail-archive/msg02508.html
-wayne