ietf-mxcomp

Re: Trust, and who knows what (was Re: SPF abused by spammers )

2004-09-19 10:57:51

On Sun, Sep 19, 2004 at 10:57:22AM +0100, Chris Haynes wrote:

 "Alan DeKok" replied:

  It's not the MAIL FROM which is flawed, it's the ability of the
recipient to believe the sender's trust in the shared MTA, as anything
other than a statement of faith made by the vendor.


Ah! Now here we can agree. We may differ as to _whose_ trust is broken, but
the crucial point is that a shared MTA is being trusted to have ensured that
the sender is authorised to use the Mail-From. There is no indication in the
SMTP protocol, or in the message headers, that this authorisation is actually
taking place.



But with SPF, the trust you're being asked to place is not whether the
sender is authorized to use that MAIL FROM:; it's whether the entity
connecting to your MTA (the destination MTA, presumably) is one
associated with the MAIL FROM: RHS.  It's a somewhat subtle, but
important, distinction.

-- 
Mark C. Langston            GOSSiP Project          Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org   http://sufficiently-advanced.net    
mark(_at_)seti(_dot_)org
Systems & Network Admin      Distributed               SETI Institute
http://bitshift.org       E-mail Reputation       http://www.seti.org
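
The distinction drawn in the message above, as an added example that is not part of the original thread: a reduced SPF evaluator showing that the result depends only on the connecting IP and the MAIL FROM: RHS, never on the local part. It handles only the `ip4` and `all` mechanisms, and the records, domains, addresses and function names are constructed assumptions (an in-memory table stands in for DNS).

```python
import ipaddress

# Constructed sample policies using documentation address ranges (not real DNS data).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",   # shared MTA pool
    "example.org": "v=spf1 ip4:198.51.100.25 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(client_ip, mail_from):
    """Evaluate a subset of SPF (ip4 and all) for the MAIL FROM: RHS."""
    # The local part is split off and discarded: SPF never consults it.
    _local, _, domain = mail_from.rpartition("@")
    terms = SPF_RECORDS.get(domain.lower(), "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"                         # no mechanism matched


def demo():
    shared_mta = "192.0.2.10"                # constructed: one MTA used by many senders
    return {
        "alice via shared MTA": check_host(shared_mta, "alice@example.com"),
        "bob via shared MTA": check_host(shared_mta, "bob@example.com"),
        "alice via unlisted host": check_host("203.0.113.7", "alice@example.com"),
        "carol@example.org via shared MTA": check_host(shared_mta, "carol@example.org"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A receiver that wants per-sender assurance therefore has to treat a `pass` as a statement about the connecting host only; whether the shared MTA verified which of its users may use a given address is outside what the check can see.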