On Wed, 28 Feb 2007 07:51:17 +0000 Graham Murray
<graham(_at_)gmurray(_dot_)org(_dot_)uk>
wrote:
Jon Callas <jon(_at_)callas(_dot_)org> writes:
You can say that you never send mail from a domain with SPF.
SPF operates on the RFC2181 envelope, so with SPF you can state that a
domain will never legitimately appear in the SMTP MAIL FROM: (or
EHLO). It offers no mechanism to say that the domain will not be used
in any RFC2822 From:, Sender:, Resent-From: etc.
Good point. I think the equivalent SenderID PRA scope never sends mail
record is more relevant here.
As I've said before, I think this type of SPF/SenderID record avoids most
of the risks associated with these protocols that some find concerning and
I think it would be useful to standardize these record types as string
literals separate from the more complex semantics of the protocols in which
they are currently defined.
I may do it as an individual submission if I get the time.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html