mail-vet-discuss
[Top] [All Lists]

Re: [mail-vet-discuss] IETF Last Call complete, -18 draft posted

2008-12-03 20:29:52

On Dec 3, 2008, at 4:02 PM, Scott Kitterman wrote:

On Wed, 03 Dec 2008 10:17:17 -0800 "Murray S. Kucherawy" 
<msk(_at_)sendmail(_dot_)com 

wrote:
The most notable syntactic change involves SPF and Sender-ID, where  
the local-part should be omitted from the reported authentication  
result since those methods don't specifically evaluate that  
information.

I'm sorry, I guess I must have zone out and missed this discussion  
during last call.  This is not correct.  Much like DKIM, SPF  
normally works at the domain level, but senders can define records  
that allow different results based on the localpart of the Mail From.

Can you explain a practical use for the SPF record's dangerous local- 
part macro that returns positive results pertaining to an email- 
address local-part?  A positive result based upon a local-part offers  
a simple means to spoof the domain from any address. :^0

-Doug

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html 

<Prev in Thread] Current Thread [Next in Thread>