Hi all, here's an idea inspired by articles from Hector, Meng,
Scott, and William:

6.3 p: properties

   properties = "p=" name *( "," name )

The p modifier introduces a comma-separated list of properties.
New properties can be defined in additional documents in the
same way as new modifiers.

An initial set of properties is defined below:
"hector", "meng", "scott", and "william".

6.3.1 The "hector" property

The "hector" property indicates that the FQDN given in a HELO
or EHLO command is always sent by one of the IPs permitted by the
sender policy for this domain.

Note that this is already required for an empty return path as
specified in [2.1]. The "hector" property allows rejecting all
mails in an SMTP dialogue if the sender policy of the FQDN given
in the HELO or EHLO does not permit the IP of the SMTP client.

6.3.2 The "meng" property

The "meng" property is only used by trusted forwarders. This
trust has to be pre-arranged between the client (forwarder)
and affected servers (destinations).

If a receiver recognizes the FQDN of a trusted forwarder in a
HELO or EHLO, it verifies its IP as specified for the similar
"hector" property (6.3.1). If the "meng" property is present
in the corresponding sender policy, all further SPF checks for
the SMTP session are disabled.

A forwarder specifying the "meng" property MUST implement SPF
checks for all forwarded mails. It MUST NOT forward mails to
destinations without prior arrangement if that could result
in an SPF "Fail".

Without prior arrangement a forwarder with the "meng" property
MUST either use a sender rewriting scheme, or reject the mail
with error code 551. For details about error 551 see [STD 10]
and [RfC 2821].

If a forwarder with the "meng" property is also an MSA, then it
MUST enforce submission rights as specified in [RfC 2476].

6.3.3 The "scott" property

The "scott" property indicates that no other user of mailers
resulting in a "Pass" can forge any addresses covered by the
sender policy. This is often the case for MSAs as defined in
[RfC 2476], but many MSAs and smart hosts still allow the use of
any MAIL FROM after a successful authentication.

For details about enforced submission rights see [RfC 2476].

6.3.4 The "william" property

The "william" property is used if the address found in one of
the mail header fields Resent-Sender, Resent-From, Sender, or
From in this order as defined by [STD 11] always matches the
MAIL FROM mailbox address defined by [STD 10].

The "william" property can be used by MUAs to identify the
responsible sender in a mail after their border MTA verified
the MAIL FROM address with SPF and inserted a corresponding
Return-Path into the header.

The "william" property allows splitting the responsibilities
of SPF tests at the receiver between MSA and MUA in different
ways, and its main purpose is to prevent "phishing" attempts.

The "william" property SHOULD NOT be used in sender policies
if affected users cannot disable it individually. Some MUAs,
MSAs, and mailing lists enforce valid MAIL FROM addresses, but
don't enforce a corresponding address in a mail header field.
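
Added example, not part of the original post: a receiver-side sketch in Python of the p= grammar from 6.3 and the HELO/EHLO handling from 6.3.1 and 6.3.2. The function names, the returned action strings, the simplified ip4:/ip6:-only policy check, the choice to ignore unknown property names, and the sample record are all assumptions made for illustration.

```python
import ipaddress
import re

# "name" per the modifier syntax (assumption: ALPHA, then ALPHA / DIGIT / "-" / "_" / ".")
NAME = r"[A-Za-z][A-Za-z0-9._-]*"
P_MODIFIER = re.compile(rf"p=({NAME}(?:,{NAME})*)\Z", re.IGNORECASE)
KNOWN = {"hector", "meng", "scott", "william"}

# Constructed sample policy for a HELO FQDN (documentation address range).
SAMPLE = "v=spf1 ip4:192.0.2.0/24 -all p=hector,meng"


def parse_properties(record):
    """Return the known properties listed in the proposed p= modifier."""
    props = set()
    for term in record.split()[1:]:           # skip the version term
        m = P_MODIFIER.match(term)
        if m:                                  # malformed lists ("a,,b") do not match
            props |= {n.lower() for n in m.group(1).split(",")}
    return props & KNOWN                       # unknown names ignored (assumption)


def ip_permitted(record, client_ip):
    """Simplified stand-in for SPF evaluation: only ip4:/ip6: are checked."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        mech = term.lstrip("+")
        if mech.lower().startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return True
    return False


def helo_decision(helo_record, client_ip, trusted_forwarder=False):
    """Apply 6.3.1 and 6.3.2 to the policy published for the HELO/EHLO FQDN."""
    props = parse_properties(helo_record)
    permitted = ip_permitted(helo_record, client_ip)
    if "hector" in props and not permitted:
        return "reject-session"                # 6.3.1: reject all mail in this dialogue
    if trusted_forwarder and permitted and "meng" in props:
        return "skip-spf"                      # 6.3.2: pre-arranged trust, IP verified
    return "check-mail-from"                   # otherwise continue with normal SPF
```

The trusted_forwarder flag stands for the pre-arranged trust of 6.3.2, which the receiver keeps locally; the "meng" property alone never disables checks here.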