spf-discuss

Re: Using headers instead of SRS

2004-01-20 20:36:07
On Tue, Jan 20, 2004 at 10:28:10PM -0500, Meng Weng Wong wrote:
| To make myself clear, we're talking about changing the subject of
| authentication from MAIL FROM envelope sender to header Sender.
| 
| This brings a number of benefits, including this one: postfix-users got
| rather riled about changing the return-path, and this lets us keep them
| happy.
| 
| This is not as major a change as it might seem.  In almost every case
| I've seen so far, Sender: matches the return-path, and when Sender: is
| not present, From: matches the return-path.  Is this true for you guys?

The concern is that checking headers, which can be spoofed, will reopen
the door to joe-jobbing.

Avoidance of joe-jobbing was the carrot for the whole deal.

Maybe we can require that the Return-Path match the address chosen from
the headers.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
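
The check proposed in the message above, as an added example that is not part of the original thread: choose Sender: if present, otherwise From:, and require it to equal the envelope sender recorded as Return-Path. The function names, verdict strings and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

def normalize(addr):
    # Domains compare case-insensitively; local parts are left as given.
    local, at, domain = addr.strip().strip("<>").rpartition("@")
    return f"{local}@{domain.lower()}" if at else domain

def header_identity(msg):
    # Sender: if present, otherwise From:, as described in the thread.
    senders = msg.get_all("Sender", [])
    if senders:
        addr = parseaddr(senders[0])[1]
        return addr if len(senders) == 1 and addr else None
    froms = [a for _, a in getaddresses(msg.get_all("From", [])) if a]
    # Several From: mailboxes with no Sender: gives no single address to check.
    return froms[0] if len(froms) == 1 else None

def check_binding(envelope_from, raw_message):
    # envelope_from: the MAIL FROM value the receiver records as Return-Path.
    if normalize(envelope_from) == "":
        return "no-envelope-sender"  # null reverse-path, e.g. a bounce
    ident = header_identity(message_from_string(raw_message))
    if ident is None:
        return "ambiguous"
    same = normalize(ident) == normalize(envelope_from)
    return "match" if same else "mismatch"

# Constructed sample messages (not from the thread).
DIRECT = "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n"
LIST = ("Sender: list-owner@lists.example.net\n"
        "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n")
TWO_FROM = "From: a@example.org, b@example.org\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for env, raw in [("alice@Example.ORG", DIRECT),
                     ("<list-owner@lists.example.net>", LIST),
                     ("bulk@mailer.example.com", DIRECT),  # header not bound to envelope
                     ("<>", DIRECT),
                     ("a@example.org", TWO_FROM)]:
        print(f"{env!r:35} -> {check_binding(env, raw)}")
```

A "match" only ties the header address to the envelope sender; the envelope sender itself still has to pass the SPF check for the pairing to carry any weight.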