Stuart D. Gathman wrote:
On Sun, 11 Jan 2009, David MacQuigg wrote:
>Generally, the HELO domain is different from the MAIL FROM domain, so there
>is no conflict.
>
>example.com TXT "v=spf1 mx -all"
>mx1.example.com TXT "v=spf1 a -all"
>mx2.example.com TXT "v=spf1 a -all"
We need a way to use *one record* for both the MAIL FROM and HELO checks.
Very few domains publish SPF records for each and every HELO name. I don't
believe "evangelism" will ever change that.
That is trivial too. You can pick any name you wish for HELO, including
a domain the same as MAIL FROM.
However, doing so discards the possibility to use the helo name as a
"better and cheaper rDNS", that you mentioned earlier in this thread.
In addition, the sender would fail those draconian HELO-to-DNS checks,
if the MAIL FROM domain doesn't have the corresponding A record.
SPF does not currently provide for a _default.example.com record. Even
if it did, that would amount to two records, not *one*.
How many senders would be broken by a HELO test that checks against
each successive zone cut until it finds an SPF (or TXT) record?
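
The HELO test asked about in the last paragraph, sketched as an added example that is not part of the original message or of any SPF implementation. It assumes that stripping one label at a time approximates "each successive zone cut" (a real walk would follow SOA/NS data), that the walk stops at two labels, and it replaces DNS with a constructed table built from the records quoted above; `find_helo_policy`, `txt_lookup` and the extra host names are hypothetical.

```python
# Constructed TXT data: the three records quoted in the thread, plus one
# unrelated TXT record to show that non-SPF TXT data is skipped.
ZONE_TXT = {
    "example.com": ["v=spf1 mx -all"],
    "mx1.example.com": ["v=spf1 a -all"],
    "mx2.example.com": ["v=spf1 a -all"],
    "static.example.com": ["site-verification=constructed"],
}

def txt_lookup(name):
    """Stand-in for a DNS TXT query (assumption: no network access)."""
    return ZONE_TXT.get(name, [])

def spf_records(name):
    """Keep only TXT strings whose version section is exactly v=spf1."""
    return [t for t in txt_lookup(name)
            if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]

def find_helo_policy(helo, min_labels=2):
    """Walk from the HELO name toward the root, one label at a time.

    Returns (owner_name, record, queries); owner_name and record are None
    when no ancestor publishes SPF. min_labels=2 is an assumed stop so the
    walk never queries a bare TLD.
    """
    labels = helo.rstrip(".").lower().split(".")
    queries = 0
    while len(labels) >= min_labels:
        name = ".".join(labels)
        queries += 1
        found = spf_records(name)
        if len(found) > 1:
            # More than one SPF record at a name is a permanent error.
            raise ValueError(f"multiple SPF records at {name}")
        if found:
            return name, found[0], queries
        labels = labels[1:]  # drop the leftmost label and try the parent
    return None, None, queries

if __name__ == "__main__":
    for helo in ("mx1.example.com", "relay7.out.example.com",
                 "static.example.com", "mail.example.net"):
        print(helo, "->", find_helo_policy(helo))
```

A host that has no record of its own inherits a policy written for MAIL FROM, so the walk costs extra queries and the result depends on how that record's mechanisms are evaluated for the HELO name, which the thread leaves open.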