On Mon, 2004-09-20 at 16:33, Matthew Elvey wrote:
> Here's the idea in a nutshell: CSV makes use of extant SPF records which
> already list tens of thousands of domains that are authorized for use in
> HELO.
> Who supports/opposes this change?
Nay.
This is a repeat of an older debate. This would not be an improvement
over the current CSV draft. SPF often requires a series of lookups to
resolve an address list. This list is often not fully defined as it is
commonly intended to associate mailbox domains with a much larger set of
MTA addresses. It also may allow the EHLO domain to use SPF/Sender-ID
records as a means to spoof, as these records are often open-ended. The
host name used within the EHLO domain will require a separate record
anyway, so why not use a record that achieves an answer within a single
lookup? Why not use a different record which cannot exploit a record
intended to associate mailbox domains with MTAs? Making SPF/Sender-ID
records an optional fall-back will only cause problems. SPF/Sender-ID
does not need to be an "all for one, and one for all" record. : )
-Doug
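
The lookup cost and open-endedness raised in the message above can be measured on a record set. This is an added example, not part of the original thread: the zone data is constructed, the `analyze` helper is hypothetical, and treating any policy that does not end in `-all` as open-ended is an assumption made here.

```python
import re

# Constructed SPF TXT records for illustration; not real published data.
ZONE = {
    "example.com": "v=spf1 include:_spf.example.net a mx ?all",
    "_spf.example.net": "v=spf1 ip4:192.0.2.0/24 include:bulk.example.org ~all",
    "bulk.example.org": "v=spf1 ip4:198.51.100.0/24 -all",
    "strict.example": "v=spf1 ip4:203.0.113.5 -all",
}

# Mechanisms that need at least one further DNS query to evaluate.
DNS_MECHANISMS = ("a", "mx", "ptr", "exists")


def analyze(domain, zone=ZONE, _seen=None):
    """Return (minimum_dns_queries, open_ended) for a domain's SPF policy.

    Assumption: a policy is open-ended unless it terminates in "-all".
    """
    seen = _seen if _seen is not None else set()
    if domain in seen or domain not in zone:
        return 1, True  # loop or missing record: a query is spent, nothing is defined
    seen.add(domain)
    queries, open_ended = 1, True  # one TXT query fetches this record
    for term in zone[domain].split()[1:]:  # skip the "v=spf1" version tag
        m = re.match(r"([+\-~?]?)(\w+)(?:[:=]([^/\s]+))?", term)
        qual, name, arg = m.group(1) or "+", m.group(2).lower(), m.group(3)
        if name == "all":
            open_ended = qual != "-"  # only "-all" closes the address list
            break
        if name in ("include", "redirect") and arg:
            sub_queries, sub_open = analyze(arg, zone, seen)
            queries += sub_queries
            if name == "redirect":  # redirect hands the final result to the target
                open_ended = sub_open
        elif name in DNS_MECHANISMS:
            queries += 1  # lower bound: "mx" also needs address lookups per exchanger
    return queries, open_ended


if __name__ == "__main__":
    for name in ("example.com", "strict.example"):
        print(name, analyze(name))
```
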