spf-discuss
[Top] [All Lists]

SPF HELO checking

2004-12-10 08:15:42
In 
<Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0412091138090(_dot_)31092-100000(_at_)sokol(_dot_)elan(_dot_)net>
 "william(at)elan.net" <william(_at_)elan(_dot_)net> writes:

[...]  And also agree with statement he put and would request that it
be added to the SPF draft (right after where it says SPF v1 record
MUST be used ONLY for purposes of verifying envelope from or helo as
specified in the draft - although personally I'd rather SPF v1 records
be limited exclusively to envelope-from scope).

I'm working on updating updating the SPF I-D now, and I've seen you
mention a couple of times that you don't entirely support the SPF HELO
checking.

One of my core goals with the new I-D is to having it remain as
compatible as possible with previous SPF specs.  I don't believe
the SPF specs can't be improved upon, but I think it is long past time
to try and tweak them.  The SPF spec has, for all practical purposes,
been frozen for 6+ months, and in many ways has been pretty slushy for
12+ months.

Changing the SPF HELO checking would be a very large change and I need
to understand why this change is so important that it outweighs ~15
months of support in SPF.



The history of SPF HELO checking:


The idea of checking the HELO domain when the MAIL FROM was NULL was,
to the best of my knownledge, first suggested by Justin Mason on Sept
29, 2003.  See:
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200309/0044.html

Checking the HELO domain for an SPF record exists in the oldest SPF
spec that I have handy (Nov 13 2003).

As far as checking the HELO domain with SPF even when the MAIL FROM is
not NULL,  On Jan 21 2004, I wrote:
"I think using SPF to check the HELO string has some merit"
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200401/0803.html

On Mar 23 2004, the same day Matthew Elvey first posted to the MARID
list, I wrote again:  "HELO checking should always be done"
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200403/0428.html
MARID list started: Mar 5

Later, Hector Santos lobbied much harder for optional HELO checking to
be added to SPF, even when the MAIL FROM wasn't NULL, and Meng added
it to the SPF draft spec of Apr 21 (spf-draft-200403.txt).


-wayne