Douglas Otis wrote:
It seems rather ironic SPF's intended purpose was to direct
culpability to the provider's customer (the email-address owner).
The "owners" of a reverse path are the hops adding info to it,
today in essence limited to the envelope sender address as
accepted by the MSA.
In addition, schemes directing culpability toward provider's
customers are in conflict with the general protection of personal
privacy.
There is no such thing as "culpability" of senders in SPF. If
folks want it they can arrange for a working envelope sender
address based on their Message-ID or using BATV, but that has
nothing at all to do with privacy.
Only the provider should be able to determine a message source,
and therefore only the provider should be held responsible for
controlling abuse.
The provider is not responsible for forgeries by third parties.
SPF only allows to identify plausible (PASS) or forged (FAIL)
envelope sender addresses for domains publishing an SPF policy.
Frank
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg