On Sun, Jun 20, 2004 at 10:32:54PM +0100, Karl Prince wrote:
| This slide implies (very strongly) that in SPF Classic,
| checking the HELO is a MUST, but the latest posted RFC proposal
| (200405), section 2.2.1 says
| "SMTP+SPF receivers MAY check the HELO argument"
| My opinion is that it should be a MUST, but I am concerned
| about potential issues with potentially matching .local domains
| at both ends of the transaction.
In a new version of the draft we can put out something that
says "receivers MAY check any of the above identities, and
SHOULD check the following at least:"
HELO
MAIL FROM
PRA in the form of SUBMITTER if present