Mark Shewmaker wrote:
1. Any thoughts on whether this would be a good or bad idea?
Makes sense. Compare the draft Kucherawy review in ietf-822.
2. Any thoughts on where this statement could best be
placed?
Add it somehow to Received.
. In the authentication-results header, (received-spf
seems too spf-specific.)
Authentication-results defining exactly the SPF result set
minus NONE (it uses NETRAL in this case) is not exactly
SPF-independent. Note the "no derivative work" clause in
this draft, it's not free to be twisted in arbitrary ways.
In a header of it's own, say: "X-trust-previous-hop:"
Tricky for the reasons stated by Bruce in his review of
draft Kucherawy (later in this thread).
Bye, Frank