ietf-mxcomp

Re: SPF PASS (was: "If you believe that the SPF concept is fundamentally flawed, please subscribe at http://www.imc.org/ietf-mxcomp/")

2005-05-26 11:04:03

In <20050526171042(_dot_)5259(_dot_)qmail(_at_)xuxa(_dot_)iecc(_dot_)com> John 
Levine <johnl(_at_)iecc(_dot_)com> writes:

We could easily write EHLO guidelines for SPF record checking and
publishing as separate document, kind of like BCP. In fact I'll 
keep this in mind and bring it up on spf-discuss when things are
a little more calm from current spf-classic draft discussions.

We could, but since you can't tell whether the list of addresses in
an SPF record is supposed to apply to the EHLO address or the MAIL FROM
address or one of the message header addresses, what's the point?

While far from perfect, it is possible to check the local part to see
if it is "postmaster" and use that to distinguish between HELO and
MAIL FROM.  In order for this to strictly work, you can't send email
using postmaster from hosts for which you have these kinds of SPF checks.

So, you could say:

example.com            TXT "v=spf1 redirect=%{l}._spf.%{d}"
postmaster.example.com TXT "v=spf1 ... HELO policy ..."
*.example.com          TXT "v=spf1 ... MAIL FROM policy ..."

Yes, this is very ugly.  Yes, if the designers of SPF knew two years ago
what we know today, we would have done a lot of things differently.
Lacking a time machine, we are kind of stuck with the semantics of
SPFv1 records.


-wayne
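
The redirect in the message above, worked through as an added example (not part of the original post or of any SPF implementation): it expands `%{l}._spf.%{d}` for a HELO identity and for MAIL FROM identities, and shows that mail sent as postmaster@ lands on the same name as a HELO check. The function names and sample identities are hypothetical, and it assumes the two policy records are published at the names the redirect expands to, under `_spf.`.

```python
import re

# SPF macro syntax: %{letter[digits][r][delimiters]} plus literals %%, %_, %-
MACRO = re.compile(r"%(?:\{([A-Za-z])(\d*)(r?)([.\-+,/_=]*)\}|([%_\-]))")
LITERALS = {"%": "%", "_": " ", "-": "%20"}
TEMPLATE = "%{l}._spf.%{d}"  # redirect target from the record in the post

def split_sender(identity, value):
    """Return (local_part, domain) as the SPF check sees them.

    A HELO name has no local part, so SPF substitutes "postmaster";
    that substitution is what the redirect trick keys on.
    """
    if identity == "helo" or "@" not in value:
        return "postmaster", value
    local, _, domain = value.rpartition("@")
    return local or "postmaster", domain

def expand(template, identity, value):
    """Expand the l, o, d and s macros of an SPF domain-spec."""
    local, domain = split_sender(identity, value)
    values = {"l": local, "o": domain, "d": domain, "s": f"{local}@{domain}"}

    def repl(m):
        letter, digits, rev, delims, literal = m.groups()
        if literal:
            return LITERALS[literal]
        if letter not in values:
            raise ValueError(f"macro letter {letter!r} not handled here")
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits and int(digits):
            parts = parts[-int(digits):]  # keep the right-hand N labels
        return ".".join(parts)

    return MACRO.sub(repl, template).lower()  # DNS names compare case-insensitively

def policy_for(identity, value):
    """Name the redirect lands on, and which policy that name selects."""
    target = expand(TEMPLATE, identity, value)
    kind = "HELO" if target.startswith("postmaster.") else "MAIL FROM"
    return target, kind

if __name__ == "__main__":
    # Constructed identities; the last one shows the collision the post warns about.
    for ident, val in [("helo", "example.com"), ("mailfrom", "alice@example.com"),
                       ("mailfrom", "postmaster@example.com")]:
        print(ident, val, "->", *policy_for(ident, val))
```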

