On Fri, 23 Jan 2004, wayne wrote:
: The email address in the From: header can often be AUTHENTICATED by
: checking the Received-SPF header and knowing exceptions that
: individual mail users have with respect to the mailing lists they are
: on and the forwarding services they use.
: The stuff in layer 3 could be done in the MTA after the SMTP DATA
: command, but it could also easily be done later in a spam filter or
: something.
The From: header is, quite purposefully, useful as an original sender
information field. It should be preserved even in the presence of
forwarding schemes, mailing lists, etc. Thus you cannot use it as a basis
of authenticating the sender at the SMTP level.
Maintaining "exception" entries is something we all do today, and we want to
MOVE AWAY from such schemes. This proposal is a step backwards and offers
no additional help over the multitude of filtering (remember, after DATA,
it's filtering--not rejection) methods we already use as a group.
Here's your non-flying turkey and $0.02 in change. Thank you, come again.
--
-- Todd Vierling <tv(_at_)duh(_dot_)org> <tv(_at_)pobox(_dot_)com>
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡