spf-discuss

RE: SPF: Not just a clever idea

2004-06-07 09:20:25
From: wayne
Sent: Monday, June 07, 2004 10:28 AM



<...>

For those who don't know, the most recent list of headers that the
"caller-id algorithm" checks for is:

From:
Sender:
Resent-From:
Resent-Sender:
Delivered-to:
X-Envelope-To:
Envelope-To:

Note that most of these headers are non-standard.  (That is, they
aren't in the RFCs.)  No MUA currently displays most of these headers
in any form.

The Sender: header, at least on Unix systems, is removed when found in
a message submitted by the MUA, and added when the MTA thinks it is
needed.  I have found quite a few messages with bogus Sender: headers
that appear to have been automatically added by slightly misconfigured
MTAs.

The "caller-id algorithm" is a mess.

I think it is fair to say that most of us know little, if anything, about
the PRA extraction algorithm.  Could you provide any more details as to how
it operates?  This is obviously a key piece in the operation of the new SPF.
I trust that people will make reasonable decisions if they know what the
algorithm is and any performance results that are available.  The fact that
you have seen it and don't like it worries me greatly.  It would probably be
useful to get the details out so people can make informed decisions.  On the
other hand, I don't want to panic until I see it and have some time to
digest it, just as you did.  From what you saw, do you think the algorithm
is fixable?

--

Seth Goodman