Seth Goodman wrote:

In the case of an originator and three forwarders, all of
the following are valid MAIL FROM: addresses:

MAIL FROM:<@fwd3,@fwd2,@fwd1:local-part(_at_)originator>
MAIL FROM:<@fwd3,@fwd2:local-part(_at_)originator>
MAIL FROM:<@fwd3:local-part(_at_)originator>
MAIL FROM:<@fwd3,@fwd1:local-part(_at_)originator>

4) Recipients always use the leftmost field of MAIL FROM:
to do the SPF check. This is always the current sender.

[...]

6) Bounces are sent directly to the originating address
(the rightmost field in MAIL FROM:).

Sorry, but I don't get it. My problem is numerous bounces
sent to forged MAIL FROM:<nonsense(_at_)xyzzy>. With v=spf1 I (or
rather my ISP) can solve this problem by defining IPs allowed
to send mail from any xyzzy address. The recipients detect
and reject fakes immediately => no more bounce, problem solved.
Now your idea allows creating a domain spam.example.net with
"v=spf1 +all" and MAIL FROM:<@spam.example.net:nonsense(_at_)xyzzy>
This passes your step 4 for any IP, and then I'd again get the
bounces in step 6. That would be the same situation as without
SPF for me, or where have I lost it?

Bye, Frank
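
The mismatch raised in this message, as an added example that is not part of the original post: it parses a source-routed reverse-path and compares the SPF result for the leftmost field (step 4) with the result for the domain of the mailbox that would receive the bounce (step 6). The `POLICIES` table, the client IPs and the `ip4:` range are constructed stand-ins for DNS lookups, and addresses are written with `@` where the archive shows `(_at_)`.

```python
import ipaddress
import re

# Constructed policies replacing DNS TXT lookups (assumption: only the
# "ip4:" and "all" mechanisms are needed for this scenario).
POLICIES = {
    "xyzzy": "v=spf1 ip4:192.0.2.0/24 -all",
    "spam.example.net": "v=spf1 +all",
}
PATH_RE = re.compile(
    r"^<(?:(?P<route>@[^:,>]+(?:,@[^:,>]+)*):)?(?P<mailbox>[^@>]+@[^>]+)>$")
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_reverse_path(path):
    """Split <@a,@b:user@dom> into (route hosts, left to right; mailbox)."""
    m = PATH_RE.match(path)
    if not m:
        raise ValueError("not a reverse-path: %r" % path)
    route = m.group("route")
    hosts = [h[1:] for h in route.split(",")] if route else []
    return hosts, m.group("mailbox")

def spf_result(domain, client_ip):
    """Evaluate the constructed policy for domain; 'none' if unpublished."""
    record = POLICIES.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all" or (mech.startswith("ip4:")
                             and ip in ipaddress.ip_network(mech[4:])):
            return RESULTS[qualifier]
    return "neutral"

def compare(path, client_ip):
    """Contrast the check on the leftmost field with one on the bounce domain."""
    hosts, mailbox = parse_reverse_path(path)
    mailbox_domain = mailbox.rsplit("@", 1)[1]
    checked = hosts[0] if hosts else mailbox_domain    # step 4: leftmost field
    return {
        "checked_domain": checked,
        "leftmost_result": spf_result(checked, client_ip),
        "bounce_to": mailbox,                          # step 6: rightmost field
        "mailbox_domain_result": spf_result(mailbox_domain, client_ip),
    }
```

A receiver that only looks at `leftmost_result` accepts the message and later bounces to `bounce_to`, although the policy published for that mailbox's domain returns `fail` for the same client IP.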