"v=spf1" MUST be valid for the "HELO" scope or the message/record is not
compliant enough with the SPF specification to ensure a 'pass'.
Mark's statements to the contrary are incorrect. (Read the spec - the
SPF I-D - http://spf.pobox.com/spf-draft-200406.txt , which says that
the HELO check MAY be done on any message.
Hey, Meng - it's way too hard to find the I-Ds on the site since the
redesign! )
From the spec:
"An SMTP sending host MUST also resolve a "pass" for all the
SPF-conformant domains which appear in the "HELO" or "EHLO" command."
Mark Lentczner wrote:
On Sep 13, 2004, at 8:39 PM, wayne wrote:
I again ask that the "v=spf1 " magic number be interpreted as
"spf2.0/mailfrom,helo" in the SenderID spec.
[T]he use of the HELO domain in the classic SPF check does not
constitute a check on the HELO scope:
See spec.
It is not ascertaining the authorization of the use of the domain name
in HELO.
See spec.
The use of the HELO domain to construct a MAIL FROM identity when
the reverse-path is null ("<>") is still checking the authorized use
of the domain name as a MAIL FROM name.
See spec.
It does not constitute a blanket assertion about domain use in HELO.
See spec.