--On Thursday, February 26, 2004 20:59:08 -0500 Hector Santos
<winserver(_dot_)support(_at_)winserver(_dot_)com> wrote:
[...]
A loophole is one that allows a "check" or "logic" to be bypassed where the
"intention" was such the exact situation was not to be allowed in the
first place.
Then there is no loophole in SPF with regard to HELO.
SPF validates a MACHINE as a sender machine. It uses a DOMAIN to
associate the machine with the DOMAIN. That domain from either the
return path (MAIL FROM) or the client machine domain (HELO/EHLO). That domain
comes from one of those two.
No. SPF verifies that the *sender* of the mail is allowed to send from
the remote host. Nothing more. It does *not* validate any host (or rather
its identity). If you want to validate hosts, just use TLS and
certificates. SPF is meant to do less (but still enough to avoid a lot of
unwanted mail) with less cost and (IMNSHO very important) less collateral
damage.
Ralf
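
The check discussed in this exchange, as an added example that is not part of the original thread: a minimal SPF evaluation showing that the result depends on the sender domain's published policy and the connecting IP, not on any proof of the host's identity. The records, addresses and function names are constructed for illustration; only the `ip4`, `ip6` and `all` mechanisms are handled, and the fallback to the HELO domain for a null return path follows RFC 7208.

```python
import ipaddress

# Constructed sample SPF records (stand-ins for DNS TXT lookups).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "mx.example.net": "v=spf1 ip4:198.51.100.25 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_identity(mail_from, helo):
    """Pick the domain to authorize: MAIL FROM, or HELO if the return path is null."""
    if mail_from and "@" in mail_from:
        return mail_from.rsplit("@", 1)[1].lower()
    return helo.lower()


def check_host(client_ip, domain):
    """Evaluate ip4/ip6/all mechanisms left to right; the first match wins."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Other mechanisms (a, mx, include, ...) need DNS and are out of scope here.
    return "neutral"


def evaluate(client_ip, helo, mail_from):
    """Return (domain checked, SPF result) for one SMTP transaction."""
    domain = spf_identity(mail_from, helo)
    return domain, check_host(client_ip, domain)
```

With a non-null MAIL FROM the HELO string never enters the decision, so an authorized IP passes whatever name it announces, and an unauthorized IP fails even when its HELO names the sender's domain.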