On Saturday 17 January 2004 3:37 pm, John Warren wrote:
The "RCPT TO:" [sic] in the transaction header should always be the
authenticated sender e-mail address and never the address the user
supplied in the "From" since it could be forged.
It isn't. My ISP (using exim) lets me use any 'From:' address I want and sets
the MAIL FROM accordingly. They don't enforce any 'Sender:' field at all.
Interestingly, they also send bounces to the third-party address too, which
implies they completely ignore the original source of the message...
- Dan
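
A submission-side check for the two behaviours described in this message, as an added example that is not part of the original post and is not exim's code. It assumes the server knows the address the client authenticated as; the function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def norm(value):
    """Return the bare, lower-cased address from a header or envelope value."""
    return parseaddr(value)[1].lower()

def check_submission(auth_user, mail_from, raw_message):
    """List policy findings for one submitted message.

    auth_user   -- address the client authenticated as (assumed known to the server)
    mail_from   -- envelope sender given in the SMTP "MAIL FROM:" command
    raw_message -- message text (headers and body)
    """
    msg = message_from_string(raw_message)
    auth = norm(auth_user)
    envelope = norm(mail_from)
    header_from = norm(msg.get("From", ""))
    sender = norm(msg.get("Sender", ""))
    findings = []
    # Bounces are returned to the envelope sender, so a mismatch here means
    # a third party receives them instead of the authenticated user.
    if envelope != auth:
        findings.append("envelope-mismatch: bounces go to %s" % envelope)
    # A user-chosen From: is tolerable only if Sender: names the real submitter.
    if header_from != auth and sender != auth:
        findings.append("no-sender-header: From: is %s" % header_from)
    return findings

# Constructed sample: envelope copied from a user-supplied From:, no Sender:.
SAMPLE_COPIED = (
    "From: Alice <alice@thirdparty.example>\n"
    "To: bob@example.org\n"
    "Subject: test\n\nbody\n"
)
# Constructed sample: same From:, but Sender: names the authenticated user.
SAMPLE_WITH_SENDER = (
    "From: Alice <alice@thirdparty.example>\n"
    "Sender: dan@isp.example\n"
    "To: bob@example.org\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    print(check_submission("dan@isp.example", "<alice@thirdparty.example>", SAMPLE_COPIED))
    print(check_submission("dan@isp.example", "<dan@isp.example>", SAMPLE_WITH_SENDER))
```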
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt