Hi !!
I wouldn't mind hearing from the SPF experts as to why extending SPF and
making the algorithm more complicated buys us anything over a simple A
record check?
acouple of things about it:
a) rfc says what everybody must use in the helo, maybe it will be better
to just enforce it.
b) why complicate spf with helo checking when all this checking could be
avoided by viruses/spam just using the correct ip literal in the helo
c) helo checks in spf do not exist, altough someone may argue against
it, spf classic only uses (not checks) the helo to construct a
sender address when no sender address is available. So people
is publishing spf records without thinking that the rest of the world
will use them to check his helo's, so it's not good to use spf to
check the helo when the spf record publishers has not published it
for this purpose
d) also if you want to protect your helo using spf you will have to
do more than one workaround, in some cases you will not be able
to do it without restrictions, and in most cases you will have to
publish more complicated spf records that will require more than
one dns lookup.
In the meantime and as helo checks are now (but only now) useful, why
not separate it from spf, make a simple and fast spf like variation
for them and use it until everybody has a strictly rfc compliant helo ?
--
Best regards ...
It's a fine line between fishing & standing still
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david(_at_)ols(_dot_)es
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------