From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of
Minica, Nelson
(EDS)
Sent: Monday, May 03, 2004 12:13 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] SPF & Bounced Emails
Kevin Kolk wrote:
SPF is not meant to block bounced emails. (I just received a bounced
email because a domain supported SPF and refused a mail with a spoofed
MAIL FROM).
If admins are setting up their systems to bounce e-mail instead of
simply rejecting it then SPF won't be the spam solution we hoped for.
What kind of sense is that, bouncing an email that SPF says the MAIL
FROM was forged/spoofed to the MAIL FROM address???
SPF provides information that will allow you to reject a message before DATA
if the envelope sender appears forged. Unfortunately, there are still too
many store and forward mailers out there. Most of those probably won't use
SPF and even if they did, not all domains will publish SPF records that lead
to definitive rejections, so there will inevitably be bounces to bogus
addresses to deal with. Many of these will pass SPF checks, so they will
remain a problem.
Putting a unique signature in the MAIL FROM: for all outgoing mail,
sometimes called SES, is one way to combat this problem. It allows you to
reject any incoming bounce where the original message did not come from you.
--
Seth Goodman