Radu Hociung wrote:
All a spammer has to do is find a host name, *any host name*
without a TXT record, and use that in the HELO.
True, but he can't claim HELO xyzzy.claranet.de at the moment.
I'm not too excited that "my" HELO is "protected" by SPF, but
OTOH it nicely gets rid of HELO xyzzy.claranet.de MAIL FROM:<>
issues. It might be also important in one of these reputation
systems like draft-irtf-asrg-iar-howe-siq-01.txt
Your argument "the spammer could simply pick something else"
is also valid for the MAIL FROM. In fact I hope that he picks
something else. As always SPF is about FAIL, it only tries to
"harden" the FQDNs and addresses, because spam fighting based
only on IPs is not more good enough.
With a "verified HELO" (= permitted IP) you can do some really
interesting stuff like your forwardmaster-plan or op=trusted.
I still hope that somebody explains what HELO PermErrors mean.
Maybe Hector, he's the biggest fan of HELO checks. Bye, Frank