On Wed, 2004-09-15 at 11:22 -0700, Rand Wacker wrote:
On Wed, 15 Sep 2004, David Woodhouse wrote:
Having considered the implications myself, I believe that the mere
_possibility_ of SRS or the header addition means that each of the
mailfrom and pra scopes becomes nothing more than a way to determine the
trustworthiness of the _individual_ mail host which is submitting the
mail in question.
Right. When you add SRS in to the equation, SPF Classic essentially
"degrades" in to CSV-like functionality.
That's twice you've said this of only 'mailfrom' scope, and it doesn't
seem to have been an accident.
It should be noted that the 'pra' scope, with the forwarders able to add
an arbitrary domain in whatever header is used in place of the
'Resent-From:' header, has precisely the same characteristics.
--
dwmw2