spf-discuss
[Top] [All Lists]

Re: [spf-discuss] SPF on HELO - take 2

2009-01-09 18:55:27
At 3:16 PM -0500 1/9/09, Scott Kitterman wrote:
On Friday 09 January 2009 15:03, Stuart D. Gathman wrote:
On Fri, 9 Jan 2009, Scott Kitterman wrote:
AFAIK, no.  There are people that will argue layer violations, but I'm
completely unaware of any real situations where it would be problematic.

RFC4408 explicitly says to apply SPF to HELO for empty MAIL FROM.
I guess the leap here is to apply it to HELO for all MAIL FROMs.

It's not much of a leap.  It's recommended:

http://www.openspf.org/RFC_4408#helo-ident

"It is RECOMMENDED that SPF clients not only check the "MAIL FROM" identity, 
but also separately check the "HELO" identity by applying the check_host() 
function (Section 4) to the "HELO" identity as the <sender>."

We're coming up on the third anniversary of RFC 4408.  I think it's reasonable 
to assume that using an SPF record for HELO should not be a suprise.  I'm 
unaware of it ever causing an actual problem.

Scott K

I detect emphatic agreement on this thread.  I will work on the text/patches
in question and present it to this list this weekend.
(However, If anyone beats me to it, I will _not_ be offended. ;->  )

-dgl-


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com