On Mon, 26 Jan 2004, Julian Mehnle wrote:
: But to create somewhat reliable reputation systems (RHSBLs, domain
: blacklists) for SPF to actually do its part in the fight against spam, we
: need people to *recognize* forgeries in the first place. Nobody, not even
: experts, will want having to examine the full headers of *every*
: potentially address-forged message to find out.
The experts already examine the full headers. The end users normally don't
give a damn about "forgeries"; rather they care about "spam". Let the ISP's
normal "report spam" process contain the proper information (which it
already does).
: I suggested the "Sender:" header, because I think it's conceptually the
: same as the envelope sender, or could at least be made so without
: significant problems.
One particular issue I've found with Sender: is its use with S/MIME.
Please see RFC2632, which describes using Sender: as one of the S/MIME ident
fields (used to support S/MIME on output of a mailing list). Rewriting
Sender: would deauthenticate such a message.
*shrug* I give up. I'm afraid that rewriting a header (as opposed to just
the envelope, or just adding a header) will lead to even more nasty
implementation in the wild, and may decrease the possibility of acceptance
by MTA authors. Feel free to write the patches and submit them; I'm just
tired of trying to separate the two concepts.
If I had to settle on a header, I'd vote only for adding a "Resent-Sender:",
not munging any existing field in the original message.
--
-- Todd Vierling <tv(_at_)duh(_dot_)org> <tv(_at_)pobox(_dot_)com>
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki:
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡