Meng Weng Wong wrote:
People seem to think:
wrong: an auth pass for HELO or SUBMITTER
wrong: overrides
wrong: an auth fail for MAIL-FROM
I would like to emphasize that the above text, indicated by
"wrong", is wrong.
right: an auth+policy pass for HELO or SUBMITTER
right: overrides
right: an auth fail for MAIL-FROM.
The "policy" component is required: it means that the
receiver must have chosen to trust the HELO or SUBMITTER.
After my long list of NAKs to your attempted murder of v=spf1
here's finally something where I fully agree. Reading "WL"
instead of "policy", but that's probably what you mean (?)
I still don't see where SUBMITTER is really necessary in this
concept. An SPF-tested HELO found in a local white list, why
isn't that good enough for forwarding scenarios ? It's very
similar to trusted-forwarder.org, only better. Where's the
added value of SUBMITTER ? The SUBMITTER stuff changes SMTP,
it works only for new MTAs. The HELO solution works with all
MTAs supporting v=spf1 resp. spf2.0/mfrom, and that's all you
need as forwarder. If an MTA doesn't support SPF, then you
need no tricks to overrule an spf2.0/mfrom FAIL. Bye, Frank