spf-discuss

Re: Re: Redefine Received-SPF: slightly.

2004-12-04 10:17:30
--Frank Ellermann <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> wrote:

> Mark Shewmaker wrote:
>
>> It *would* be nice if I could publish different records
>> to be used for MAIL FROM tests and HELO tests.
>
> Actually you can if you are the domain owner and postmaster@:



I was going to say that but Frank beat me to it. I think something like the following protects my name from being used in HELO by an untrusted MTA:

nekodojo.org.  IN  TXT  "v=spf1 mx ptr redirect=%{l}._spf.nekodojo.org"
postmaster._spf.nekodojo.org. IN  TXT     "v=spf1 -all"

For my real outgoing mail, I don't use "HELO nekodojo.org", I use a more specific hostname. (That should have its own TXT record but currently doesn't). The above is just to protect against bogus uses of HELO nekodojo.org. (If I were to submit myself to a whitelist or HELO-based reputation system I would ask them to use the name of my mailers, not the SLD itself.)

Perhaps this is enough to get us over the MAIL FROM vs. HELO hurdle for now, and we can invent "proper" scoping in spf2...

--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
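
An added illustration, not code from the thread, of how the `%{l}` macro in the records above sends a HELO check (which has no local-part, so SPF substitutes "postmaster") to a different policy than a MAIL FROM check. The `ZONE` table, the function names, the `alice` local-part and the `client_matches_mx_or_ptr` flag are assumptions made for the sketch; only a subset of SPF macros is handled.

```python
import re

# The two records quoted in the message above; the real zone may publish more.
ZONE = {
    "nekodojo.org": "v=spf1 mx ptr redirect=%{l}._spf.nekodojo.org",
    "postmaster._spf.nekodojo.org": "v=spf1 -all",
}

MACRO = re.compile(r"%\{([lsod])\}|%([%_-])")
LITERALS = {"%": "%", "_": " ", "-": "%20"}


def split_sender(identity):
    """Return (local-part, domain). A bare HELO name has no local-part,
    so SPF substitutes 'postmaster'."""
    local, at, domain = identity.rpartition("@")
    return (local if at and local else "postmaster"), domain.lower()


def expand(spec, identity):
    """Expand %{l}, %{s}, %{o}, %{d} and the %%, %_, %- escapes (a subset of
    SPF macros: no transformers, and %{d} is taken as the sender's domain)."""
    local, domain = split_sender(identity)
    values = {"l": local, "s": f"{local}@{domain}", "o": domain, "d": domain}
    return MACRO.sub(
        lambda m: values[m.group(1)] if m.group(1) else LITERALS[m.group(2)], spec)


def redirect_target(identity):
    """Name the redirect= modifier points at for this identity, or None."""
    record = ZONE.get(split_sender(identity)[1], "")
    for term in record.split()[1:]:
        if term.startswith("redirect="):
            return expand(term[len("redirect="):], identity).lower()
    return None


def check(identity, client_matches_mx_or_ptr):
    """mx and ptr are tried first; only a client matching neither is redirected."""
    if client_matches_mx_or_ptr:
        return "pass"
    target = redirect_target(identity)
    policy = ZONE.get(target)
    if policy is None:
        return f"no record shown for {target}"
    return "fail" if "-all" in policy.split() else "other"
```

Because the split is keyed on the local-part, a MAIL FROM of postmaster@nekodojo.org from a host matching neither `mx` nor `ptr` reaches the same `-all` record as a HELO check.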