> given DOMAIN, attempt to connect to https://www.DOMAIN/.
I would use RHS lists that used this as a key factor in their
reputation-assigning algorithms, such as one that assumed that such
domains were sources of ham until proven otherwise, because certs cost a
lot.
I would NOT like to see SPF code checking this directly. That's a very
bad idea, when the use of RHS lists is so much easier and more appropriate.
The reputation service can do the check the first time it's asked about
a domain, and then once a day, perhaps. Creating and tearing down an
SSH connnection for each message is nuts.