spf-discuss

Re: SPF + Challenge/Response

2004-01-13 07:19:18
begin Tuesday 13 January 2004 14:55, Hallam-Baker, Phillip quote:
> If a message fails the SPF checks it MUST be deleted. The worst thing you
> can do is to send a reply to annoy the alleged sender.

Actually, that's not how the SPF milter works. The receiving mailer
(who does the check) does not send anything back, but it refuses to
accept. It's then the sending mailer that generates the bounce.

Example:

User A impersonates B and attempts to send a mail (using a server A')
to C (on server C').  C' notices that A' is not in B's SPF list, and
refuses to accept mail.  A' (not C') generates the bounce message.

Hence, B will see the bounce message coming from A', and if this was
what A wanted to do, he could have done it much more easily by setting
up his server A' to fake the bounce directly.

Rejecting the message is much safer than silently discarding it,
because if due to some misconfiguration SPF misfires, the sender is at
least informed that something went wrong, and he can take corrective
action.

Alain
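The A / A' / B / C' scenario above, as an added simulation that is not code from the post or from the SPF milter: a minimal SPF evaluator (ip4/ip6, include and the terminal all mechanism; the records, domains and addresses are constructed stand-ins for real DNS data) plus a model of the receiving MTA C' under three policies for an SPF Fail. The policy names, `deliver()` and the outcome dict are assumptions made for this example; the point it shows is who ends up producing the bounce to the forged sender B in each case.

```python
"""Toy model of SMTP-time SPF rejection versus silent discard versus accept-then-bounce.
Added example: not from the spf-discuss post or the SPF milter. All records, domains
and IP addresses below are constructed for illustration."""
import ipaddress

# Constructed SPF records for the example domains (stand-ins for DNS TXT lookups).
SPF_RECORDS = {
    "b.example": "v=spf1 ip4:192.0.2.10 ip4:192.0.2.11 include:relay.example -all",
    "relay.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "soft.example": "v=spf1 ip4:192.0.2.20 ~all",
}

QUALIFIER_RESULT = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}


def evaluate_spf(domain, client_ip, records=SPF_RECORDS):
    """Minimal evaluator: handles ip4:/ip6: (with optional CIDR), include: and the
    terminal all mechanism. Returns Pass, Fail, SoftFail, Neutral, None or PermError."""
    record = records.get(domain)
    if record is None:
        return "None"                      # no SPF record published for the domain
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "PermError"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            return QUALIFIER_RESULT[qualifier]
        if term.lower().startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIER_RESULT[qualifier]
        elif term.lower().startswith("include:"):
            # include: matches only when the included domain's evaluation is Pass
            inner = evaluate_spf(term[8:], client_ip, records)
            if inner == "Pass":
                return QUALIFIER_RESULT[qualifier]
            if inner in ("None", "PermError"):
                return "PermError"
        else:
            return "PermError"             # mechanism this toy does not implement
    return "Neutral"                       # ran off the end with no match


def deliver(policy, client_ip, mail_from):
    """Simulate C' handling one SMTP transaction from the connecting host (A') under one
    of three receiver policies for an SPF Fail. Returns what happened and, in
    particular, who (if anyone) ends up sending a bounce to the envelope sender B."""
    domain = mail_from.rsplit("@", 1)[1]
    result = evaluate_spf(domain, client_ip)
    outcome = {"spf": result, "smtp_code": 250, "delivered": False, "bounce_from": None}
    if result != "Fail":
        outcome["delivered"] = True        # as in the post, only a hard Fail is acted on
        return outcome
    if policy == "reject":
        # 5xx at SMTP time: C' sends nothing to B; A' (the connecting MTA) owes the DSN.
        outcome["smtp_code"] = 550
        outcome["bounce_from"] = "sending MTA"
    elif policy == "discard":
        # accepted, then dropped: neither B nor a misconfigured real sender learns anything
        pass
    elif policy == "accept_then_bounce":
        # accepted, then C' itself mails a bounce to B: backscatter to the forged address
        outcome["bounce_from"] = "receiving MTA"
    else:
        raise ValueError(f"unknown policy {policy!r}")
    return outcome


if __name__ == "__main__":
    for policy in ("reject", "discard", "accept_then_bounce"):
        print(policy, deliver(policy, "198.51.100.5", "b@b.example"))
```

Running it with the constructed forging host 198.51.100.5 shows the three outcomes side by side: under "reject" C' answers 550 and never contacts B, under "discard" nobody is told, and under "accept_then_bounce" C' itself becomes the source of mail to the impersonated address. The SoftFail record for soft.example is there to show why the model acts only on a hard Fail.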



-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname(_at_)