On Tue, 2004-12-07 at 14:51 -0800, Dave Crocker wrote:
MAIL FROM:<SRS0=xx=yy=ox(_dot_)org=aland(_at_)forwarder(_dot_)org>
From: aland(_at_)ox(_dot_)org
SPF uses per-message validation. It can be viewed as validating the
latest-hop sending MTA, but the validation is provided by the
originating sender. Hence, SPF requires route registration. In truth
it is validating the originating sender, where the latest-hop MTA is
merely a way into that information.
[CSV]¹ uses per-session validation. Its validation is based on the
latest-hop sender's administration, rather than stretching back to the
origin.
You're missing the point of the example you quoted. Look at it again. If
you're receiving that mail from mailhost.forwarder.org to one of your
thousands of users, you have to accept it because it may well be valid.
All you can do is look up 'forwarder.org' or 'mailhost.forwarder.org'
depending on whether it's SPF or CSV you're using. Either way, you only
get to validate the "latest-hop sender's administration".
--
dwmw2
¹ Assumed correction -- you actually said 'SPF' again.