-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frank Ellermann wrote:
But if receivers play hardball (like your HELO proposal) and this is
_not_ specified, it will terrify senders / publishers.
No, it won't. If the SPF record authorizes 1.2.3.4 for "HELO mta.example.
com", and the authorization fails in some way if someone at 5.6.7.8 calls
and says "HELO mta.example. com", well, then the authorization failed and
it is very legitimate for the receiver to deny the transaction if he deems
it appropriate. Or, he may very well accept the transaction, e.g. to
gather more information, or for statistics purposes.
If people are unsure about what a "failed authorization" can mean in the
computer world, they probably need to learn about the "authorization"
concept in general before going on with deploying SPF.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFClxB9wL7PKlBZWjsRApTaAKCO2eRxx+aHIQ7wO160+bEcx3RWswCg1Pke
GePzCv5p4jmAk4m0gD7/as8=
=I/Fm
-----END PGP SIGNATURE-----