I wrote:
A domain doing SES publishes "v=spf1 exists:%{l}._ses.%{o}
-all". Of course the receiver can interpret this record at it
desires, but if it uses it for anything else than the MAIL
FROM address, then it is just stupid.
Phillip answered:
I agree in that case, but that follows from the record itself, the
definition of {o} and {l} determine that.
I don't see the need for a scope record since the macros implicitly define
the scope.
Then following should be stated in the specification:
If there an %{l} macro but no %{i} macro in a "+exists" mechanism in the SPF
record or in any included SPF record or in any SPF record redirected to,
then the scope is "MAIL FROM only".
But I think saying "spf1 records are for MAIL FROM and HELO only" is much
better.
Roger