-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Mark
Shewmaker
Sent: Friday 6 May 2005 20:14
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: HELO versus MAILFROM results
On Fri, May 06, 2005 at 04:30:20PM +0000, Mark wrote:
On Friday 6 May 2005 7:04, Radu Hociung wrote:
The only check that might be remotely valid is to check the A
record to ensure it matches the IP address.
Which would not be 'remotely valid', but 100% safe (barring
DNS hacks, of course).
Could we have an optional "match" key for the Received-SPF line that
could be used when the result is "None" and set to "yes" or "no"?
Section 7.2, The Received-SPF header, says:
Other key-value pairs may be defined by SPF clients. Until a new key name
becomes widely accepted, new key names should start with "x-".
I take it Wayne had something in mind like RFC 1869 4.3 compliant SMTP
Service Extensions (for local use). But, I wonder, if new key names should
start with "x-", then how are these 'new' names ever going to be widely
accepted in their form without "x-"? At any rate, I interpret 7.2 to mean
that you could probably already do so.
Then if a domain doesn't have an spf record, but the client IP matches
an A or AAAA record of the domain, the Received-SPF line could contain
a "match=yes", (or "match=no" if the IP doesn't match.)
Match what? HELO, of course; but the meaning of a key word that just says
'match' may, out of context, not be so self-evident as in this thread. :)
Perhaps 'helomatch' or something.
Personally, if I wanted to implement this, I'd probably add the IP address
of the A record behind the HELO value; like so:
Received-SPF: pass (asarian-host.net: domain of
    listbox+trampoline+735+865569+ee70a142(_at_)v2(_dot_)listbox(_dot_)com
    designates 207.8.214.5 as permitted sender)
    receiver=asarian-host.net;
    client-ip=207.8.214.5;
    envelope-from=<listbox+trampoline+735+865569+ee70a142(_at_)v2(_dot_)listbox(_dot_)com>;
    helo=apex.listbox.com ([207.8.214.5]);
But you can certainly already add:
x-helo-match=yes
(It would be nice if "match" could instead be an allowed result, but
it's probably too late for that now. :-) )
Nor would it really be an SPF-lookup result. :)
Cheers,
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
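
Added example (not part of the original message or of any SPF implementation): the check discussed in this thread, comparing the client IP against the A/AAAA records of the HELO name and recording the outcome as the x-helo-match key when the SPF result is "none". The function names, the sample DNS table and the example.org/example.net hosts are assumptions constructed for illustration.

```python
import ipaddress
import socket


def resolve_addrs(host):
    """Default resolver: A/AAAA addresses for host via the system resolver."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]


def _norm(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:a.b.c.d equals a.b.c.d."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 scope id
    return getattr(ip, "ipv4_mapped", None) or ip


def helo_match(helo, client_ip, resolver=resolve_addrs):
    """Return 'yes' if client_ip is among the A/AAAA records of the HELO name."""
    client = _norm(client_ip)
    addrs = resolver(helo.strip().rstrip("."))
    return "yes" if any(_norm(a) == client for a in addrs) else "no"


def received_spf(result, receiver, client_ip, helo, resolver=resolve_addrs):
    """Build a Received-SPF header; x-helo-match is added only for result 'none'."""
    pairs = [("receiver", receiver), ("client-ip", client_ip), ("helo", helo)]
    if result == "none":
        pairs.append(("x-helo-match", helo_match(helo, client_ip, resolver)))
    return "Received-SPF: %s %s" % (result, " ".join("%s=%s;" % kv for kv in pairs))


# Constructed DNS data (hypothetical); stands in for live lookups so this runs offline.
SAMPLE_DNS = {"mail.example.org": ["192.0.2.25", "2001:db8::25"]}


def sample_resolver(host):
    return SAMPLE_DNS.get(host.lower(), [])


if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "::ffff:192.0.2.25"):
        print(received_spf("none", "mx.example.net", ip, "mail.example.org",
                           sample_resolver))
```

Addresses are compared as parsed values rather than strings, so an IPv4-mapped or differently written IPv6 client address still matches the published record.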