In <4278CCBD(_dot_)2040207(_at_)ohmi(_dot_)org> Radu Hociung
<radu(_dot_)spf(_at_)ohmi(_dot_)org> writes:
Mark Shewmaker wrote:
From section 2.1 of
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-01pre5.html
:
| It is RECOMMENDED that SPF clients check not only the "MAIL FROM"
| identity, but also the "HELO" identity
[...]
| If the HELO test is performed, and results in a "Fail",
| the overall result for the SMTP session is "Fail",
| and there is no need to test the "MAIL FROM" identity.
I would suggest that checking HELO with SPF is misguided at best.
HELO checking in SPF has existed since the earliest draft of the SPF
spec that I have found. (about 2 years old now...) This form was
limited to using the HELO domain when the MAIL FROM was null. About a
year ago, this was liberalized to saying that you MAY checked the HELO
domain in all cases, and in the schlitt-spf-classic-00 draft, it was
changed to SHOULD.
While there have certainly been people who have argued against HELO
checking in SPF, the clear majority have argued for it to be extended
to its current form.
You have listed many of the same anti-HELO-checking arguments that
have been listed before. I will not repeat the pro-HELO-checking
arguments as they are found in the spf-discuss archive.
-wayne