On Wed, 3 Dec 2008 17:27:43 -0800 Douglas Otis
<dotis(_at_)mail-abuse(_dot_)org> wrote:
On Dec 3, 2008, at 4:02 PM, Scott Kitterman wrote:
On Wed, 03 Dec 2008 10:17:17 -0800 "Murray S. Kucherawy"
<msk(_at_)sendmail(_dot_)com
wrote:
The most notable syntactic change involves SPF and Sender-ID, where
the local-part should be omitted from the reported authentication
result since those methods don't specifically evaluate that
information.
I'm sorry, I guess I must have zone out and missed this discussion
during last call. This is not correct. Much like DKIM, SPF
normally works at the domain level, but senders can define records
that allow different results based on the localpart of the Mail From.
Can you explain a practical use for the SPF record's dangerous local-
part macro that returns positive results pertaining to an email-
address local-part? A positive result based upon a local-part offers
a simple means to spoof the domain from any address. :^0
Yes.
No one said anything about exclusively using localpart. That would be
foolish.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html