----- Original Message -----
From: "Paul Smith" <paul(_at_)pscs(_dot_)co(_dot_)uk>
To: "Frank Ellermann" <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>;
Sent: Tuesday, May 31, 2005 9:05 AM
Subject: Re: "Header Reordering", yet again
Now you might be able to sort the timestamp lines by their
timestamps, or more likely by "I know what happens behind
my MX". Or you just use `nslookup -q=mx`.
If you specified that the timestamp on the Received-SPF field MUST be
IDENTICAL to the timestamp on the Received: line added by the same server,
that might solve some problems.
but I'm still scratching my head on this issue, what's the problem again?
Why would a downlink software assume the headers are or could be out of
order? and why would it assume mediocrity exist or even allow it to be
used? I mean, if a piece of software was doing this, then you go to the
developer and shame them for screwing things up. If they don't bother to
fix it, then you dump it and get something else. That's how it usually
And in regards to SPF, I suspect we are talking about some post SMTP
software, in which case, at a minimum, the post smtp analyzer would be
seeing and only be interested in headers for the current transaction or last
Anyway, I personally encounter any situation (nor would I tolerate it if I
did) that will be screwing around with mail tampering or changing of trace
and messages headers to the extent it is reordering it during the points
from reception to final storage.
After final storage, it is outside of my control or responsibility.
The only situation I can see where this *may* all matter for SPF is a some
hook for POP3 off-line systems attempting to do some offline SPF checking.
In this case, the only post final storage software that I can see that *may*
do some changes are:
- list servers (only because I hear from OTHERS that there are some that
might do this)
- gateways from native host mail formats back to RFC, in which case, the
original trace RFC information might be lost.
Is this what you are doing? Using SPF in your VPOP3? (Assuming VPOP3 is
some user's pop3 proxy application)
Hector Santos, Santronics Software, Inc.