Scott Kitterman wrote:
Is anyone aware of any actual problems resulting from the
current v=spf1 HELO/EHLO checking processes?
All v=spf1 results different from PASS, NONE, and errors are
dubious for HELO checks, because anything else should be a
HELOFAIL. We could try to fix this with op=helo.
Complex policies using %{l} are not exactly what you want
for a HELO check, what's the "local part" of a HELO ?
Greg and the v=spf1 spec say postmaster@, but the real
postmaster@ might have better ideas for his address than
being (ab)used in HELO checks.
v=spf1 is not very elegant to handle HELO. A separate
spf2.0/hello scope with simplified results will be better.
Bye, Frank