On Fri, 10 Dec 2004, David wrote:
Hi !!
Are you suggesting removing the HELO checking in cases of a null MAIL
FROM? If not, then I don't think that the HELO checking aspect can be
easily or productively removed from the SPF-classic spec.
I think HELO checking is specially interesting, but maybe it should be
treated separatelly, as it could require a diferent policy than
mail from:, i.e, you could allow many hosts to send mail on behalf
of your domain but not allow them to use you hello, also hello
checking has no problems with forwarding, so spf policy for helo
should end with -all and not with ~all
I agree, policy-wise implementation of HELO checking is different then for
MAIL-FROM which is why I said I'd much rather see separate document that
describes it.
I also think that because HELO is expected to be hostame that SPF record
should just directly list its ip (or ip block where it is located, but
this ip block should not be as wide as for mail-from) or at most include
reference to one dns lookup (i.e. like mx operator) but no complex
inclusions, references or complex macros that maybe usefull for
some case of MAIL-FROM SPF records.
---
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net