-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Meng
Weng Wong
Sent: Friday, September 24, 2004 12:52 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] moving on from MARID
I suggest that we proceed under the working assumption that
the patent apps do not in fact cover SPF Classic.
I propose that we focus on developing and refining Unified
SPF, with the following main points:
1) Receivers should check all three identities:
A) HELO hostname
B) MAIL FROM return-path
C) SUBMITTER if provided
D) if checking is done after the DATA command, the PRA
Might it be prudent to leverage off of the possibility that a CSV HELO check
has already passed. As I understand it, CSV checks at the start of an SMTP
session and is valid for the entire (potentially multi-message) session
unless the SMTP client provides a new HELO name in the middle. If CSV has
already passed the HELO identity, an SPF based check would seem redundant.
Now this wouldn't provide, I don't think, any enhanced security, but it
should be more efficient both in terms of local resources and DNS loading.
Scott Kitterman