spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Solving the Forwarding Problem for good!!!

2004-01-17 08:37:26
from [John Warren] [Permanent Link] 


On 17 Jan 2004 at 16:24, Alain Knaff wrote:


begin  Saturday 17 January 2004 16:14, John Warren quote:

SPF tests should always use the "Sender" if there present, not the
"From".

So the SPF check should work as follows.

If there is a "Sender" use it for checking and ignore the "From" else
use "From".


The problem with this approach (and others approaches based on header
fields, rather than the envelope) is that it forces the MTA to
actually accept the message, before being able to reject it.

With SPF as it stands now, the mail transaction can already be aborted
before a single byte of message data is transferred.

Alain



Not true, but I did fail to talk about the transaction header as well. 
Thanks for bringing it up. 

The "RCPT TO:" in the transaction header should always the 
authenticated sender e-mail address and never the address the user 
supplied in the "From" since it could be forged. 

The "Sender" field, which should match the "RCPT TO:", would be used 
for later testing if you don't test at transaction time.  

So the problem is still solved.

Next comment please:)




-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡



----------------------------------------------------------------------
John Warren
+--------------------------------------------------------------------+
| Any and all use of my email address for bulk email without my      |
| expressed permission is prohibited. This means NO JUNK EMAIL, SPAM.|
| Support the anti-Spam amendment, Join at http://www.cauce.org/     |
+--------------------------------------------------------------------+

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Solving the Forwarding Problem for good!!!, Alain Knaff
Next by Date:  Re: Solving the Forwarding Problem for good!!!, John Warren
Previous by Thread:  Re: Solving the Forwarding Problem for good!!!, Alain Knaff
Next by Thread:  Re: Solving the Forwarding Problem for good!!!, Dan Boresjo
Indexes:  [Date] [Thread] [Top] [All Lists]