Frank Ellermann wrote:
> William Leibzon wrote:
> > receiver should not be required to test both MAILFROM and EHLO
>
> That doesn't reflect "SHOULD test HELO". You can't have it both ways at
> the same time.

"SHOULD/RECOMMENDED" != required.

We recommend HELO checking because the semantics of v=spf1 records
inherently covers both MAIL FROM and HELO scopes, and if this is what
publishers have in mind when defining their policy, receivers SHOULD
check both identities.

We cannot _require_ it, though, for historical reasons.

> > receiver should be free to decide to use SPF FAIL as part of larger
> > policy system but not directly reject on it if he does not want to
>
> Sure, it's unnecessary to say anything with a MUST or a SHOULD about it,
> but the normal expected standalone SPF meaning must be still clear for
> all parties, senders, publishers, support desks, MX admins, Carl, Andy,
> Terry, you, and me.

Please explain why you think that domain owners cannot confidently define
their policies without knowing exactly how receivers will relate HELO and
MAIL FROM results. Perhaps you'd like to give an example where this
knowledge is required (or, at the very least, highly valuable).