On Tue, Feb 24, 2004 at 11:59:48AM -0500, Meng Weng Wong wrote:
|
| Let's find a way to express the desired new functionality in the
| existing syntax.
|
| perhaps scope=mailfrom,helo?
|
if (helo domain has an spf record
AND
spf record indicates scope=...,helo,...
) THEN
honour SPF record for domain
So we want to restrict the use of mail.baschny.de.
mail.baschny.de TXT "v=spf1 scope=mailfrom,helo a -all"
That way, SPF clients that understand "scope=helo" semantics will always
do a lookup on FQDN helo, and if they get back a scope=helo, they will
honour the SPF record. If they do not get a scope=helo, they will
proceed as usual, to check the return-path.
This accommodates people who want to protect their HELOs and the people
who do not. By default, people are assumed to not want to protect their
HELOs; this position is necessary because of the rfc SHOULD vs MUST syntax.