begin Thursday 22 April 2004 17:30, Lars Dybdahl quote:
Current legitimate forwarders use forged "from" to accomplish
the forward and preserve bounce information.
That isn't forgery because the forwarder is acting legitimately on behalf
of the correspondents.
With SPF, you simply state, "which servers may act legitimately". If you
include the forwarder, it's legitimately. If not, it's not.
Lars.
Problem with forwarders is that it is the _recipient_ who should
decide about its legitimacy, not the sender (as is the case with
"normal" SPF).
Indeed, forwarded mails exist because the recipient has set it up,
thus logically, the recipient should also have the tools to whitelist
it at his own ISP.
Thus the need for separate mechanisms ("local policies", per-user
whitelists, etc.)
Alain