spf-discuss

Re: A couple of thoughts

2004-02-15 10:56:57
----- Original Message -----
From: "Shevek" <spf(_at_)anarres(_dot_)org>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Sunday, February 15, 2004 6:45 PM
Subject: Re: [spf-discuss] A couple of thoughts

On Sun, 15 Feb 2004, Mark wrote:

MAIL FROM:<>
RCPT TO:<b(_dot_)candler(_at_)example(_dot_)com>
550 Bounce message is not cryptographically signed

Can therefore not be used in its blanket form (at least not without
breaking the world). As wayne pointed out, the message will need to be
examined, carefully, to ensure that we are indeed dealing with a real
bounce message, and not just another, also legit, SMTP probe.

They ought to be using VRFY. Something is very messed up here.

I have not read their rationale, but I think the use of RCPT TO: was quite
deliberate: you cannot rely on VRFY, as it is disallowable in sendmail's
PrivacyOptions. People will have lines like these in their sendmail.cf:

O PrivacyOptions=needmailhelo,noexpn,novrfy,noetrn,noverb

On the other hand, RCPT TO: is guaranteed to always work (which, if you
think about it, kinda defeats the purpose of disallowing VRFY, as the same
info can be obtained through using RCPT TO:).

Regards,

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
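
Added example, not part of the original message: a replay of two constructed null-sender sessions (a callback probe and a real bounce) against a blanket 550 at RCPT TO versus a check deferred to the DATA stage. The policy names, the sample sessions and the `signed` flag are assumptions made for illustration; the signature check itself is not implemented here.

```python
# Constructed client-side sessions; hostnames and addresses are placeholders.
PROBE = ["HELO verifier.example", "MAIL FROM:<>",
         "RCPT TO:<user@example.com>", "QUIT"]
BOUNCE = ["HELO mx.example", "MAIL FROM:<>",
          "RCPT TO:<user@example.com>", "DATA", "QUIT"]


def verb(line):
    """Return the SMTP verb; MAIL FROM and RCPT TO are two-word verbs."""
    head = line.split(":", 1)[0].upper().split()
    return " ".join(head[:2]) if head[0] in ("MAIL", "RCPT") else head[0]


def replay(commands, policy, signed=False):
    """Return [(verb, reply code)] for a session under a null-sender policy.

    policy "rcpt": blanket 550 at RCPT TO for any null-sender mail.
    policy "data": accept RCPT TO and decide at the DATA stage (a real server
    would answer after reading the message). `signed` stands in for the
    outcome of a signature check that this example does not implement.
    """
    null_sender, accepted, replies = False, 0, []
    for line in commands:
        v = verb(line)
        code = 250
        if v == "MAIL FROM":
            null_sender = line.split(":", 1)[1].strip() == "<>"
        elif v == "RCPT TO":
            if null_sender and policy == "rcpt":
                code = 550
            else:
                accepted += 1
        elif v == "DATA":
            if accepted == 0:
                code = 554  # no valid recipients
            elif null_sender and policy == "data" and not signed:
                code = 550
            else:
                code = 354
        elif v == "QUIT":
            code = 221
        replies.append((v, code))
    return replies


def probe_sees_valid_address(policy):
    """True if a callback probe is told the recipient exists."""
    return dict(replay(PROBE, policy))["RCPT TO"] == 250
```

Both sessions are identical up to and including RCPT TO, which is why only the deferred policy can tell them apart.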