Dave Crocker wrote:
Quote <200504010906(_dot_)58270(_dot_)blilly(_at_)erols(_dot_)com>:
Draft section 2.1.3 refers to a "new message" several times
[...]
Unquote <200504010906(_dot_)58270(_dot_)blilly(_at_)erols(_dot_)com>
It seems to me the fundamental advantage of CSV over SPF
is that CSV doesn't try to associate domain names with IP
addresses outside of that domain.
Maybe use "|" instead of ">", it took me some time to find
that that's nothing what Bruce said.
SPF is strictly focussed on per-message behavior
It has also HELO checking. Not as elaborated as the CSV
strategy to find a parent domain, and it allows policies
which are *_much_* too complex for this simple purpose.
If a "reader understands the master zone file format", as
Tony said, then he will manage to publish something like
a simple "v=spf1 a -all" for host names used in a HELO.
Trying to test CSV before SPF for this purpose (HELO) is
better assuming roughly the same deployment.
does not provide a means of assessing aggregate MTA
operations.
Creating white or black lists for PASS results is also
possible for HELO PASS results. The main advantage of
SPF is that it allows to reject forgeries at the MX.
Bye, Frank