Hi !!
I also think that because HELO is expected to be hostame that SPF record
should just directly list its ip (or ip block where it is located, but
this ip block should not be as wide as for mail-from) or at most include
reference to one dns lookup (i.e. like mx operator) but no complex
inclusions, references or complex macros that maybe usefull for
some case of MAIL-FROM SPF records.
one step further ... I want my domain (ols.es) to have an spf record
like "mx ~all", but i don't want anybody to use ols.es in the hello,
including me (as i always use full hostnames in my hello). How can
I specify this policy ??
so, i agree, hello policy must be separated from mail from: policy.
Then , what about having something like this:
ols.es. IN TXT "v=spf1 mx ~all" -> for mail from:
ols.es. In TXT "v=hello -all" -> to prevent hello forgery
a.lon.olsns.net IN TXT "v=hello a -all" -> for my hello's
a.mad.olsns.net IN TXT "v=hello a -all" -> for my hello's
and always make hello checks agains hello records (not only in the
case of the null envelope sender)
--
Best regards ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david(_at_)ols(_dot_)es
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------