On Tue, Feb 03, 2004 at 07:52:02PM +0000, Roy Badami wrote:
|
| These rules look correct for determining the header sender. But I
| tought SPF didn't use that anymore, only the envelope sender.
|
There is a huge demand for header verification.
And it doesn't make sense to have two different standards, one for
envelope verification, and one for header verification, when the
underlying logic is the same in both cases --- you're verifying an IP
against an email address.
The SPF declarations we have right now will verify an IP against an
email address. But that email address doesn't have to come from the
envelope. They can come from anywhere! Even the header!
So I'm going to put the "Resent/Sender/From" rules into the SPF draft
and basically say to people "SPF was designed to work on the envelope.
But if you want to use it on the header, here are some suggested rules
for choosing the right header to test. Good luck! No guarantees! Have
fun storming the castle!"
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡