spf-discuss

Re: [spf-discuss] Implicit A (was: Implicit MX)

2007-01-14 21:38:58
On Mon, 15 Jan 2007, Alex van den Bogaerdt wrote:

> ONLY for HELO <<<<---- (that excludes MAIL FROM !), I could live with
> an implicit "+a" in a record, or maybe even an implicit "v=spf1 a ?all"
> record if there isn't an explicit record.
> No, I am not discussing "best guess" here either, should you think so.
> We were discussing a future change to the protocol, right?
>
> ONLY for HELO it would make sense to have "+a", as the name used in HELO
> should be the FQDN of the host.  It does not make sense to deny a host
> the right to use its own name for HELO <--- (not talking about MAIL FROM!).

This is a receiver policy.  Pymilter has done this from the get go.
If the HELO name resolves to the connect IP, the HELO name is considered
validated, and reputation accrues to the HELO name (if there is no
SPF pass for MAIL FROM).  The HELO name can be listed in
trusted forwarders if no mail domain is available.

I agree that it is a good receiver policy, but don't see any need for 
making it explicit in SPF.

One other little thing I have added - for best_guess, I do a PTR match
against a validated HELO in addition to the rDNS PTR.  So, for instance,
if the HELO name is smtp.example.com (and resolves to the connect IP),
and the MAIL FROM is foo@example.com, then that is considered a
PASS for policy and reputation purposes (although 'none' is still reported in
Received-SPF).

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
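
The receiver policy described in the message above, as an added Python example (not pymilter's code and not part of the original post). The resolver stub, the constructed DNS table and all function names are hypothetical, and crediting the mail domain on a best-guess pass is an assumption.

```python
import ipaddress

# Constructed forward-DNS data (A/AAAA) so the example runs offline.
SAMPLE_DNS = {
    "smtp.example.com": ["192.0.2.25"],
    "mail.example.net": ["198.51.100.7", "2001:db8::7"],
}

def resolve(name, dns=SAMPLE_DNS):
    """Hypothetical resolver stub: A/AAAA addresses for a host name."""
    return dns.get(name.rstrip(".").lower(), [])

def helo_validated(helo, connect_ip, dns=SAMPLE_DNS):
    """HELO is validated when its name forward-resolves to the connect IP."""
    if not helo or helo.startswith("[") or "." not in helo:
        return False                      # address literal or non-FQDN
    try:
        peer = ipaddress.ip_address(connect_ip)
    except ValueError:
        return False
    # Compare parsed addresses so differently written IPv6 forms still match.
    return any(ipaddress.ip_address(a) == peer for a in resolve(helo, dns))

def domain_matches(host, domain):
    """ptr-style match: host equals the domain or is a subdomain of it."""
    host, domain = host.rstrip(".").lower(), domain.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def evaluate(helo, connect_ip, mail_from, spf_result="none", dns=SAMPLE_DNS):
    """Return (reported_spf, policy_result, reputation_identity)."""
    domain = mail_from.strip("<>").rpartition("@")[2].lower()
    if spf_result == "pass":
        return spf_result, "pass", domain
    valid = helo_validated(helo, connect_ip, dns)
    if valid and spf_result == "none" and domain and domain_matches(helo, domain):
        # best_guess: the validated HELO stands in for the rDNS PTR name.
        # Received-SPF still reports 'none'; only local policy sees a pass.
        # Assumption: reputation is credited to the mail domain here.
        return spf_result, "pass", domain
    if valid:
        # No SPF pass for MAIL FROM: reputation accrues to the HELO name.
        return spf_result, spf_result, helo.lower()
    return spf_result, spf_result, None

if __name__ == "__main__":
    print(evaluate("smtp.example.com", "192.0.2.25", "foo@example.com"))
```
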
