spf-discuss

Re: SPF HELO checking

2004-12-10 09:09:41
In 
<Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0412100806440(_dot_)31092-100000(_at_)sokol(_dot_)elan(_dot_)net>
 "william(at)elan.net" <william(_at_)elan(_dot_)net> writes:

On Fri, 10 Dec 2004, wayne wrote:

In 
<Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0412091138090(_dot_)31092-100000(_at_)sokol(_dot_)elan(_dot_)net>
 "william(at)elan.net" <william(_at_)elan(_dot_)net> writes:


[note:  I'm quoting out of order]


[SPF HELO checking has been in the SPF spec for a long time]

I agree but there are very, very few (anybody else other than Hector?) that
are using SPF for HELO checking (except special case when MAIL-FROM is 
null) and it was not the original intent of SPF either. I think if you're
putting together a draft describing "Classic SPF" then HELO checking
should not be part of it.

The "special case" of a null MAIL FROM is really not that special.  It
happens all the time and therefore SPF implementations have been
checking the HELO domain on a regular basis for a very long time.

The SPF wizard at spf.pobox.com has, for a very long time, told people
that they need to put SPF records at their HELO domains and given
example records based off the information the domain owner has
provided.

As for who is checking the HELO domain using SPF records, I know that
SpamAssassin 3.0 does and that AOL has experimented with it.


Changing the SPF HELO checking would be a very large change and I need
to understand why this change is so important that it outweighs ~15
months of support in SPF.

I'd like to see more data confirming it is indeed supported by the majority
of current SPF implementations. If that is not so, I do not believe it
should be part of the draft.

All SPF implementations that I know of will do HELO checking in the
case of a null MAIL FROM.  libspf2 has explicit support for HELO
checking since last spring.



I'm working on updating the SPF I-D now, and I've seen you
mention a couple of times that you don't entirely support the SPF HELO
checking.

No, that is a wrong interpretation of what I've been saying. I support
SPF HELO checking, but I do not support using current SPF v1 records
for that and believe it would be better that we do it as part of
unified spf with new scope. As part of UnifiedSPF, I'd like to
see a separate document detailing use of SPF for HELO checking (not
part of main draft) and that it provide a BCP-like recommendation on
limiting complexity of SPF records that are used for HELO checking.

Are you suggesting removing the HELO checking in cases of a null MAIL
FROM?  If not, then I don't think that the HELO checking aspect can be
easily or productively removed from the SPF-classic spec.


-wayne
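
The null MAIL FROM fallback discussed in this thread, as an added example that is not part of the original message or of any SPF implementation named in it: a receiver checks the MAIL FROM domain's record, or the HELO domain's record when MAIL FROM is null. The TXT records, host names and function names are constructed for illustration, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (sample data only).
SAMPLE_TXT = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "mx1.example.org": "v=spf1 ip4:192.0.2.25 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_domain(mail_from, helo):
    """Return (scope, domain): the HELO domain is used when MAIL FROM is null."""
    if mail_from.strip() in ("", "<>"):
        return "helo", helo.lower().rstrip(".")
    return "mailfrom", mail_from.rsplit("@", 1)[-1].strip(">").lower()

def evaluate(record, client_ip):
    """Evaluate a record left to right; supports ip4/ip6/all only."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qual = "+"                       # default qualifier is pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]
        if name not in ("ip4", "ip6"):
            raise ValueError("mechanism outside this sketch: " + name)
        net = ipaddress.ip_network(arg, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qual]
    return "neutral"                     # no mechanism matched

def check(client_ip, helo, mail_from, txt=SAMPLE_TXT):
    """Pick the identity, fetch its record, and return (scope, domain, result)."""
    scope, domain = spf_domain(mail_from, helo)
    record = txt.get(domain)
    return scope, domain, evaluate(record, client_ip) if record else "none"

if __name__ == "__main__":
    # A bounce (null MAIL FROM) from an address the HELO domain does not list.
    print(check("198.51.100.7", "mx1.example.org", "<>"))
```

A HELO domain with no record yields `none` for every null-sender message, which is why publishing a record at the HELO name matters for this fallback.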

