[Dustin D. Trammell]
I agree that the original goal of SPF was to define authorized hosts
that are able to send as a given envelope domain; however, I believe
the scope of SPF has widened slightly, and is even reflected in the new
acronym definition "Sender Policy Framework". I consider the HELO
string to be "sender information", and since your domain can
potentially be spoofed by someone else (and potentially end up in the
headers), it should be subject to the domain's sender policy.
Maybe we should stop putting HELO information in the Received headers
and just stick with the IP and rDNS result? Does that violate any RFCs,
or is this just current practice?
--
Seth Goodman