In <001101c44eb3$9819b2b0$01030101(_at_)pamho(_dot_)net> "Roger Moser"
<roger_moser_spf(_at_)greenmail(_dot_)ch> writes:
I have a similar request as the original request in this thread:
Suppose all mail from my mail server has a signed envelope sender and I have
set up a custom DNS server to check the signatures by using the 'exists'
mechanism. And I want to prevent that a spammer uses SUBMITTER (or similar)
with "v=spf1 all" to send spam "from my domain". So my SPF record would say
for example:
"v=spf1 only=orig exists:%{S}.ses.example.com -all".
note: %{S} already has a meaning: it is the url-encoded version of %{s}
The "only=orig" modifier would mean "check only the SPF record of the
original domain, and ignore any SPF record of the domain of the SUBMITTER
or the source route (which could be a spammer)".
Once upon a time, there was a "scope=" modifier to specify whether the
SPF recorrect applied to 2821 data and/or 2822 headers. Maybe we need
to resurrect it.
-wayne