Todd Vierling <tv+spf(_at_)duh(_dot_)org> wrote:
Longer term, I would like to see some filters a la Spamassassin that
flag as "suspicious" if Return-Path doesn't equal Sender:.
Eh? That's a bad thing to flag. Consider:
1. User is on a mailing list, which (properly) sets Sender: to the
mailing list return path address.
2. The address subscribed to the list is a pobox.com address, or that of
some other aliasing service, which rewrites the envelope a la SRS.
3. The received mail at the destination mailbox flags your check.
Sender: != return path (envelope). Please do not equate them, or even
cosider them to be related; they're not.
Why not?
Probably your scenario should be solved as follows:
A. Pobox user *sends to* mailing list
1. User sends:
MAIL FROM: user(_at_)pobox(_dot_)com
( Sender: would be the same as From:, so not included )
From: user(_at_)pobox(_dot_)com
To: mailing(_at_)list(_dot_)tld
2. Mailing list forwards to other subscribers:
MAIL FROM: mailing(_at_)list(_dot_)tld (or SRS equivalent)
Sender: mailing(_at_)list(_dot_)tld (or SRS equivalent)
From: user(_at_)pobox(_dot_)com
Mail-Followup-To: mailing(_at_)list(_dot_)tld
To: other(_at_)subscriber(_dot_)tld
B. Pobox user *receives from* mailing list
1. Other subscriber sends to mailing list:
MAIL FROM: other(_at_)subscriber(_dot_)tld
( Sender: would be the same as From:, so not included )
From: other(_at_)subscriber(_dot_)tld
To: mailing(_at_)list(_dot_)tld
2. Mailing list forwards to Pobox user:
MAIL FROM: mailing(_at_)list(_dot_)tld (or SRS equivalent)
Sender: mailing(_at_)list(_dot_)tld (or SRS equivalent)
From: other(_at_)subscriber(_dot_)tld
Mail-Followup-To: mailing(_at_)list(_dot_)tld
To: user(_at_)pobox(_dot_)com
Instead of "Mail-Followup-To"[1], "Reply-To" might be used, but I think DJB's
proposal is right.
What's wrong with that?
[1] http://cr.yp.to/proto/replyto.html
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki:
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)���v¼����ߴ���1I��-�F�qx(_dot_)com