In
<Pine(_dot_)LNX(_dot_)4(_dot_)58(_dot_)0601120906010(_dot_)8515(_at_)box3(_dot_)nekodojo(_dot_)org>
gconnor <gconnor(_at_)nekodojo(_dot_)org> writes:
I think I understand where Dick is coming from here. I think we can agree
that SPF as it exists today doesn't have a really great answer[1] to "my
domain is used for HELO but not MAIL FROM" and vice-versa. HELO checking was
built as a fallback behavior but it turned out to be a good tool for catching
some simple, obvious kinds of forgery, so I think it was the right thing to
do, it was just done inelegantly.
Yes, I certainly agree with this. There are *lots* of things in SPF
that I know can be done better, and a bunch more that I don't like,
but don't know how to do better. The HELO checking in SPF is ugly, at
best. It works. It doesn't have any fatal flaws. Considering all
the deployment of SPF, it isn't worth switching to something like CSV.
But, it is ugly.
-wayne
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com