On Sat, Jan 24, 2004 at 04:40:24PM +0100, Julian Mehnle wrote:
| IMO Phil's statement implied that one might pass some private information
| for the DNS server to make a decision based on it, like recipient address
| (e.g. for distinguishing to:<postmaster> mail from others), etc.
|
| If he didn't mean that then I obviously misunderstood his statement.
I hadn't proposed using recipient information. I didn't see that as needed
to make the determination if the source matches the sender. What I envisioned
(and still do with "exists") is a mechanism where a special DNS server can say
"yes" when a specific user is making SMTP connections from where they have
(effectively) asked the domain owner to acknowledge them as being at. This
could be done via IMAP/POP logins (e.g. "SPF after IMAP") if the sender is
doing SMTP from the same IP addresss. If that's not enough, the DNS server
can cross check to see if the sending MTA is at the same ISP as the sender
logged in to IMAP from (similar domain). Or "include" could be used instead
of "exists" to get a custom SPF policy per user. Then that user SPF data
can do things like "ptr" pointing to the user's current ISP, or even another
"include" to reference that ISP's SPF data.
BTW, what is the recursion limit on "include"? Shouldn't we at least specify
a minimum that must be accepted? Or is SPF deferring to DNS limits such as
CNAME?
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡