-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David A. Wheeler writes:
It appears to me that the issue with checking email headers
is forwarders. Here are a few thoughts:
* Forwarders might check the SPF data at their end, or not.
It seems to me that a forwarder would need to modify/add
the headers DIFFERENTLY, depending on whether or not
the forwarder checked the SPF values. Ideally,
the headers should be modified so that users would see
ordinary "from" addresses if the SPF values were checked
by the forwarder.
* There may need to be a way for final receivers to know if they
should trust a forwarder for a given user.
Whitelisting the forwarder (per user) is one way.
Another might be a cookie scheme.
I don't have a fully cooked solution, but I'm hoping one
can be developed.
Don't forget mailing lists. Generally quite similar to the
"forwarder" case, apart from the one-to-one/one-to-many difference,
and the likelihood that it will add new headers, use a new
env-from, and add a list footer to the body.
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFAJBpIQTcbUG5Y7woRAmnmAKDMIL1WjhPMlRgRrpXSH7P+xZMQogCdHNvH
wJT6uhhNGcqLFGh+Wky3zsc=
=Iqh0
-----END PGP SIGNATURE-----
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡