No one is talking about extending SPF. SPF was was extended to
support HELO checking a long time ago.
Yes, that was a poor choice of words on my part. I think my point was, your
average sender and implementation is simply using the mail from string. But
I think the history and ability of SPF to do HELO checking has been
established through the posts to this list for the last week, so I'm going
to try and gracefully stay out of that argument. :)
I don't think anyone is claiming that the HELO checking supported by
SPF is optimal. It does, however, allow for some things that simple A
RR checking can not. Consider:
www.example.com. IN A 1.2.3.4
www.example.com. IN TXT "v=spf1 -all"
Checking the A record would allow www.example.com to be used in the
HELO command. Checking the SPF record would deny it.
That's a good point, esspecially considering all the cable modems out there
that have valid A record lookups. The SPF method, though more complicated,
would give the ability to FAIL those situations.
Thanks for the input,
-Brian.
Brian Barrios
703.265.7456 / IM: BrianAntiSpam
Antispam/Postmaster Group - America Online, Inc.