On Fri, Feb 06, 2004 at 04:02:11AM +0000, David A. Wheeler wrote:
| people can check the ordinary mail headers for forgeries.
|
| The current spec punts on this very vital point, saying:
| "The <responsible-sender> depends on the presence and order of a
| variety of headers, including Resent-Sender, Resent-From, Sender,
| and From. Selecting the appropriate sender can be challenging
| considering headers can be spoofed by malicious senders."
|
| I believe you really need to add, after that text, a recommended approach.
I agree, I want to add one but I don't know which one to add.
The original algorithm borrowed from Caller-ID is at
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200402/0042.html
Roy Badami proposes an alternative algorithm at
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200402/0169.html
Forwarders are going to have to prepend something; it might as well be
Resent-Sender. The algorithm should reflect that. Can we reopen this
debate?
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/