Julian Mehnle wrote on Thursday, March 15, 2007 9:40 AM -0600:
Seth Goodman wrote:
As a further observation, you don't strictly need SPF records to do
something like this. What you want is a confirmed HELO identity,
and that confirmation can be SPF, CSV, reverse DNS, forward DNS or
anything else you are willing to accept.
Except that all of these have different notions of "confirmed". If
you don't care, fine. But otherwise, be aware that there is a
difference.
That's right, and I'm sure most everyone reading this cares about these
differences. Stuart previously presented a very rational hierarchy of
confirmation methods. The basic idea is to attempt confirmation with
the methods that you prefer first, and fall back to less stringent ones
later.
What methods are on the list, and in what order, is an individual
choice. My expectation is that SPF would be at the top of the list, as
it confirms that the domain owner designates a machine as permitted to
send mail. As Frank points out, CSV does this best, but it is
virtually dead. Other DNS methods can confirm the HELO identity, but
give a recipient no information about whether a machine is a legitimate
mail host.
--
Seth Goodman
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735