On Sun, Feb 29, 2004 at 04:08:42PM -0500, Theo Schlossnagle wrote:
[on rfc2821]
I agree that you could reject the parameter to EHLO based on an
SPF-style TXT record lookup for the domain used as an argument. But it
doesn't buy you anything as I see it. You are ultimately attempting to
keep it out of the Received headers path, but the spoofing (or one like
it) could have been easily inserted into the current RFC2822 payload
already by the sender.
I just posted a reply to another post where I outline another reason
to check HELO. It's not all about the received lines.
cheers,
Alex
--
begin sig
http://www.googlism.com/index.htm?ism=alex+van+den+bogaerdt&type=1
This message was produced without any <iframe tags