On Nov 10, 2008, at 12:05 PM, Scott Kitterman wrote:
Actually it doesn't require a separate IP. I think your sense of
actual operational options to ensure users don't forge each other is
somewhat limited if that's the only approach you can envision.
What practice would you recommend in this regard? Since the
Authentication-Results header can easily abuse SPF records by having
these misapplied against PRAs defined by Sender-ID, how would one
ensure more than just MailFrom is constrained? What steps would you
take?
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html