Hector Santos wrote:
MH Michael Hammer (5304) wrote:
From: Jeff Macdonald [mailto:jmacdonald(_at_)e-dialog(_dot_)com]
nice. We also do both for our clients, but RFC5321From and RFC5322From
are different domains, so for spf2.0 we specify PRA.
For our website domains we require that the RFC5321Mailfrom and the
RFC5322From match for all outgoing mail. Specifying PRA for spf2.0
invites certain kinds of attacks that will gain the attacker a neutral
for PRA check.
Right, like this list message. A PRA check would have provided a SoftFail.
It came in with a 5321.MailFrom:
owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org
which unfortunately doesn't support SPF. :-(
If this mailer at the very least supported submitter, it would have used:
MAIL From:<owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org> SUBMITTER=MHammer(_at_)ag(_dot_)com
This would allow receivers to lower their overhead by checking at the
SMTP level. Instead, our server did a bunch of checks.
Sorry, wasn't thinking straight. That would have yielded the same soft fail.
--
Sincerely
Hector Santos
http://www.santronics.com