On Mon, 2004-09-13 at 05:51, David Woodhouse wrote:
On Mon, 2004-09-13 at 05:31 -0700, william(at)elan.net wrote:
Additionally Received header are specially designated to be trace fields,
so they are like a loggin info.
That's all they are here, surely? In a world where SenderID was
ubiquitous you'd have mail servers automatically rewriting RFC2821 and
RFC2822 identities on outgoing mail, and the SenderID validates _only_
that one hop; it's not end-to-end validation such as PGP, DomainKeys or
Signed Envelope Senders would offer.
You end up using a domain-based blacklist instead of the IP-address-
based blacklists which are already common, but other than that the
problem hasn't changed much. It's just a way of determining which are
legitimate mail servers, and which are not.
Neither Sender-ID nor SPF safely allow the implementation of a name
based blacklist. I would agree there may be a means of excluding
messages where the SMTP client IP address was not authorized, but
nothing else of significance is possible from this association. A
positive association does not indicate the mailbox domain holder to be
the originator. A negative association does not indicate the mailbox
domain holder to be a spammer.
-Doug