John Levine wrote:
We could easily write EHLO guidelines for SPF record checking and
publishing as a separate document, kind of like BCP. In fact I'll
keep this in mind and bring it up on spf-discuss when things are
a little more calm from current spf-classic draft discussions.
We could, but since you can't tell whether the list of addresses in
an SPF record is supposed to apply to the EHLO address or the MAIL FROM
address or one of the message header addresses, what's the point?
Read on to see the point.
The domain names in my EHLOs are completely disjoint from the set in my
MAIL FROM and mail headers. How is SPF going to handle that?
I believe you will find that the EHLO/HELO is only checked if the MAIL
FROM fails. I think I have heard of other implementations where:
If the EHLO fails, you check the MAIL FROM, and if that passes then it
gets an SPF pass.
Either way, it doesn't matter if your EHLO fails (it does on many, maybe
even MOST systems), because as long as your MAIL FROM is SPF PASS, then
your mail's SPF response on the whole is a PASS, and is not negatively
affected.
PS This is from memory, one of the developers is better qualified to
answer this question, if you don't trust my answer, but the
generalization is at least correct, AFAICT.
When it comes time to using the authorization to compare to domain
black/white listing, then the MAIL FROM domain and the EHLO/HELO domain
could be used as a query to the lists. So THEN a bad reputation of
either the domain in your MAIL FROM or your EHLO/HELO could give you a
bad score later down the line in SA or the like. But I don't think
anyone is doing that, if for no other reason than because there are no
ways of confirming the email is from the domain it claims until SPF is
deployed.
Terry
--
Terry Fielder
terry(_at_)greatgulfhomes(_dot_)com
Associate Director Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
Fax: (416) 441-9085
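
The two check orderings described in the message above, written out as an added example that is not part of the original post and not taken from any SPF implementation. The domains, addresses and function names are constructed, only the `ip4` and `all` mechanisms are handled, and the overall result when the first identity does not pass is an assumption, since the message does not state it.

```python
import ipaddress

# Constructed records: the EHLO name and MAIL FROM domain are disjoint,
# as in the question above. Addresses are documentation ranges.
RECORDS = {
    "mx1.example.net": "v=spf1 ip4:198.51.100.0/24 -all",  # EHLO name
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",         # MAIL FROM domain
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, client_ip):
    """Evaluate one identity; only ip4 and all mechanisms are handled."""
    record = RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:]):
            return QUALIFIERS[qualifier]
    return "neutral"

def mail_from_first(ehlo, mail_from, client_ip):
    """First ordering: EHLO is consulted only when MAIL FROM does not pass."""
    result = check_spf(mail_from, client_ip)
    if result == "pass":
        return ("MAIL FROM", result)
    # Assumption: the EHLO result then stands as the overall result.
    return ("EHLO", check_spf(ehlo, client_ip))

def ehlo_first(ehlo, mail_from, client_ip):
    """Second ordering: MAIL FROM is consulted only when EHLO does not pass."""
    result = check_spf(ehlo, client_ip)
    if result == "pass":
        return ("EHLO", result)
    # Assumption: the MAIL FROM result then stands as the overall result.
    return ("MAIL FROM", check_spf(mail_from, client_ip))

def evaluate(client_ip):
    """Run both orderings for the constructed sender."""
    args = ("mx1.example.net", "example.org", client_ip)
    return mail_from_first(*args), ehlo_first(*args)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, evaluate(ip))
```

Each result names the identity that decided the outcome, which is the domain a later reputation lookup of the kind mentioned in the message would query.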