From: Jeff Macdonald [mailto:jmacdonald(_at_)e-dialog(_dot_)com]
Sent: Thursday, February 26, 2009 12:13 PM
To: MH Michael Hammer (5304)
Cc: SM; Hector Santos; ietf-smtp(_at_)imc(_dot_)org
Subject: Re: Concluding the SPF and Sender ID experiments
Do these domains publish v=spf1 and spf2.0 records?
On Thu, Feb 26, 2009 at 10:44:42AM -0500, MH Michael Hammer (5304)
Mine do but the spf2.0 is just to specify mfrom to avoid the use of
against our domains.
nice. We also do both for our clients, but RFC5321From and RFC5322From
are different domains, so for spf2.0 we specify PRA.
For our website domains we require that the RFC5321Mailfrom and the
RFC5322From match for all outgoing mail. Specifying PRA for spf2.0
invites certain kinds of attacks that will gain the attacker a neutral
for PRA check.