spf-discuss

Re: SPFv1 record failure cases

2005-07-22 14:48:40
Daniel Taylor wrote:

> the PRA algorithm was not discussed in quite the depth here

It's pretty simple, scan the header for Resent-Sender, then
Resent-From, then Sender, then From (each step top down), and
take the first match.  If that has more than one address it's
a syntax problem (=> no PRA), otherwise it's the PRA.

In the spf-discuss(_at_)v2(_dot_)listbox case you get the Sender as PRA.

> 1. Do PRA checks stop at the first PASS?

Of course, as soon as you have the PRA it's the same algorithm
as for the MAIL FROM identity.

> 2. If so, then what is the advantage over mfrom/helo checks?

MS wants to display the PRA in MUAs, and they don't trust that
the Return-Path is available - of course it can be also empty.

OTOH there are also disadvantages, e.g. checking the MAIL FROM
is possible before RCPT TO and DATA in SMTP.   Last but not
least there's no guarantee that PRA == MAIL FROM, quite the
contrary, and that's FUBAR if you check a PRA against v=spf1.

                           Bye, Frank
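
The header scan described in the message above, as an added example that is not part of the original post: it implements only the simplified order given there (Resent-Sender, Resent-From, Sender, From, first match, exactly one address) and then compares the PRA domain with the MAIL FROM domain. The function names, sample messages and addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Header priority as listed in the message above (simplified scan).
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")

def select_pra(raw_message):
    """Return (header, address); address is None when there is no PRA."""
    msg = message_from_string(raw_message)
    for name in PRA_HEADERS:
        values = msg.get_all(name)  # occurrences, top down
        if not values:
            continue
        # First match only; it must hold exactly one address.
        addrs = [a for _, a in getaddresses([values[0]]) if a]
        if len(addrs) != 1 or "@" not in addrs[0]:
            return name, None  # syntax problem => no PRA
        return name, addrs[0].lower()
    return None, None

def domain_of(addr):
    return addr.rsplit("@", 1)[1].lower()

def pra_differs_from_mail_from(raw_message, mail_from):
    """True when a PRA exists and its domain is not the MAIL FROM domain."""
    _, pra = select_pra(raw_message)
    return pra is not None and domain_of(pra) != domain_of(mail_from)

# Constructed samples (not taken from the thread).
LIST_MAIL = (
    "Sender: list-owner@lists.example.net\n"
    "From: Alice <alice@example.org>\n"
    "To: discuss@lists.example.net\n"
    "Subject: test\n\nbody\n"
)
RESENT_MAIL = "Resent-From: bob@example.com\n" + LIST_MAIL
TWO_FROM = "From: a@example.org, b@example.org\nSubject: x\n\nbody\n"
MAIL_FROM = "alice@example.org"  # constructed envelope sender

if __name__ == "__main__":
    for label, raw in (("list", LIST_MAIL), ("resent", RESENT_MAIL), ("two", TWO_FROM)):
        print(label, select_pra(raw), pra_differs_from_mail_from(raw, MAIL_FROM))
```

A receiver that evaluates a v=spf1 record against the PRA of the list sample would look up lists.example.net, not the example.org domain the envelope sender belongs to.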