SPF(MAILFROM, IP) => FAIL
SPF(HELO, IP) => PASS
This causes multiple lookups, adding to an already considerable overhead on
DNS. DMP did this too, but I'd gladly not do that if the information in
SUBMITTER is available.
CSV avoids this completely by ignoring the mailfrom information and sticking
with HELO, but it too requires a second lookup to a reputation providership.
I also argue that a CSV-using mail server could set itself up as a reputation
provider, much like a secure site can use a private CA certificate or a
self-signed certificate.
I believe in the interest of keeping total overhead down, especially DNS
overhead, SUBMITTER is very important, and Resent-From: could be used in lieu
if SUBMITTER (ie: on a non-ESMTP server). And the arguments against
Resent-From don't wash with me either - if you're really worried about exact
RFC2822 semantics, make it an x-header (such as X-MARID-Resent-From:).
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
Sometimes it's hard to tell where the game ends and where reality bites,
er, begins. <http://vmyths.com/resource.cfm?id=50&page=1>