Yes, I was going to propose this myself but didn't want to muddy the water.
I recommend two new directives:
nor noredirect allowed
noi noinclude allowed
The SPF client would fail a request to redirect or include to a system with
one of the directives found.
----- Original Message -----
From: "wayne" <wayne(_at_)midwestcs(_dot_)com>
To: "SPF discussions" <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Tuesday, February 24, 2004 4:51 PM
Subject: Re: [spf-discuss] how to protect the HELO using SPF
In <20040224165948(_dot_)GZ27676(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
Let's find a way to express the desired new functionality in the
existing syntax.
perhaps scope=mailfrom,helo?
On a somewhat related subject, it would be nice if you could mark SPF
records as being valid for include: mechanisms only. It is awfully
tempting to use something like include:%{l}.spf.%{d}, and have that
resolve to "v=spf1 +all" in some cases. However, that opens up those
subdomains for being abused.
-wayne
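
The exposure described in the message above, as an added example that is not part of the original thread: a record written only to be reached through include:%{l}.spf.%{d} is still an ordinary SPF record, so it also answers when its name is used directly as the sender domain. The zone contents, addresses and function names are constructed for illustration, and the evaluator covers only the ip4, include and all mechanisms.

```python
import ipaddress

# Constructed zone: TXT records keyed by owner name (sample data, not real DNS).
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:%{l}.spf.%{d} -all",
    "alice.spf.example.com": "v=spf1 +all",              # roaming user: any host
    "bob.spf.example.com": "v=spf1 ip4:198.51.100.7 -all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def expand(spec, local, domain):
    """Expand only the two macros used in the thread: %{l} and %{d}."""
    return spec.replace("%{l}", local).replace("%{d}", domain)

def check_host(ip, local, domain, depth=0):
    """Evaluate an SPF subset (ip4, include, all) for one connecting IP."""
    if depth > 10:
        return "permerror"
    record = ZONE.get(domain.lower())
    if record is None:
        return "none"
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qual = term[0] if term[0] in RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            hit = True
        elif name == "ip4":
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif name == "include":
            # include matches only if the target record evaluates to pass.
            # Simplification: a missing target counts as "no match" here.
            target = expand(arg, local, domain)
            hit = check_host(ip, local, target, depth + 1) == "pass"
        else:
            continue                          # mechanism outside this subset
        if hit:
            return RESULT[qual]
    return "neutral"

def open_when_used_directly(probe_ip="203.0.113.9"):
    """Names that pass for an unrelated IP when used as the sender domain."""
    return sorted(d for d in ZONE if check_host(probe_ip, "postmaster", d) == "pass")

if __name__ == "__main__":
    print(check_host("203.0.113.9", "alice", "example.com"))        # intended use
    print(check_host("203.0.113.9", "x", "alice.spf.example.com"))  # direct use
    print(open_when_used_directly())
```

Running open_when_used_directly() over a zone is a quick audit for include-only helper records that authorize any host when queried on their own.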