spf-discuss
[Top] [All Lists]

RE: getting 2822 protection as well as 2821 protection

2004-04-06 16:01:07
From: Seth Goodman
Sent: Tuesday, April 06, 2004 1:06 PM

Another note concerning my post on SES.

Though I listed the variants that protected the RFC2822 as SES-only
addresses, that is not strictly true.  If the user domain publishes an SPF
record that lists the originating gateway MTA as a designated sender, the
SES0 address formats given will all pass SPF tests.

Since SES only applies to locally-originated mail, there is no problem if
the originating gateway MTA is also a forwarder and implements SRS.
Therefore, the proposed SES scheme is completely compatible with SPF+SRS, as
long as the user domain publishes an appropriate SPF record.  This is
equally true if only the default case SES address format is used and a
private/public key system is used to verify the RFC2822 originating address
fields when they are different from the return-path.

--

Seth Goodman