william(at)elan.net wrote:
Strictly speaking this is not correct (i.e. I bug in
RFC2821), you could have valid TLD domain that is a host
I've asked the author, because I thought that it could be
a typo, and he said it was _intentional_ He proposed a
way to update it (explicit dot at the end of a TLD host),
but the main point for me was "no bug".
It is perfectly valid for my host to connect by SMTP and
result in email being sent to username on the same host.
If you talk to yourself then it's of course okay. But if
you know that you never do this, then you could use it to
catch a forged HELO claiming to be you.
Not that this has a big long-term effect, but it's still
one of the tricks some spammers and mail worms try.
Your other idea, a DNS lookup of the HELO FQDN, is not
covered by 2821 (the opposite is true), and probably it
was this issue why Radu said that the FQDN is irrelevant.
I'll be strong in favor of skipping version 2 and going
to 3 for next generation of SPF.
Okay, a v=spf2 coexisting with sp2.0/x would be stupid ;-)
Bye, Frank