John L wrote: > Could you show me the SPF records I would use to indicate that > mta.example,com is valid as an EHLO but not as a bounce address domain > while example.com is a valid bounce address domain but not an EHLO. You can't. The expressiveness of SPFv1 is limited in this regard. However, SPF still effectively prevents forgery of both the "mta.example. com" and "example.com" identities, because no MTAs except those authorized by your SPF record(s) can use them, and those MTAs authorized by you should be under your control.
Description: PGP signature