Today I noticed yet another item dealing with SPF-classic HELO
checking that was absent from draft-lentczner-spf-00 that was in
spf-draft-200406. Even the hints that SPF records must be published
for the domains used in the HELO/EHLO commands were removed.
spf-draft-200406 not only had a few hints sprinkled here and there,
but it had an entire section (8.3) dedicated to the subject.
While I didn't create a new section, I did make it clear in the
section on publishing SPF records (3.1 in schlitt-spf) that SPF
records are needed for sending MTAs. This requirement is still in
lentczner-spf, but you have to read section 2.1 "Mail From Identity"
very closely and understand all the implications.
Roger Moser pointed out a couple of other problems.
* IPv4 mapped IPv6 addresses need to be treated as IPv4 addresses.
(libspf2 has done this since last spring, and I'm guessing RMSPF has
too.)
* The ABNF for the Received-SPF: headers needs to use LWSP instead of
SP.
Again, this document is *not* intended to be an official statement of
what SPF-classic is, I think that will need to be decided in an more
open fashion by the SPF council.
The documents can be found at:
http://www.midwestcs.com/spf/spf_classic_libspf2/draft-schlitt-spf-01.html
http://www.midwestcs.com/spf/spf_classic_libspf2/draft-schlitt-spf-01.txt
http://www.midwestcs.com/spf/spf_classic_libspf2/draft-schlitt-spf-01.xml
A unix diff between draft-lentczner-spf-01.txt and
draft-schlitt-spf-01.txt can be found at:
http://www.midwestcs.com/spf/spf_classic_libspf2/spf-lentczner-schlitt.diff.txt
-wayne