spf-discuss
[Top] [All Lists]

Re: What does PASS really mean?

2004-06-30 11:46:18
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 30 June 2004 07:43 am, spf(_at_)kitterman(_dot_)com wrote:

A more sophisticated second question might be to ask "Does this server
allow you to send e-mail from domains other than the one associated with
your account with this company?"  Default would be yes and if they change
this one to no, then remove the ?'s as above.  This covers the case where
in addition to doing some type of SMTP auth, the service provider locks
down the domains or addresses from which e-mail can be sent.


More like "Do you trust that these servers won't spoof your domain?" It is 
possible to securely configure an MTA so that it can be safely shared 
without spoofing.

If you can't trust the server, then you shouldn't put it in '+'. '?' may be 
appropriate, or even '~'.

- -- 
Jonathan M. Gardner
Mass Mail Systems Developer, Amazon.com
jonagard(_at_)amazon(_dot_)com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFA4wp6BFeYcclU5Q0RApD5AJ0cvv+T/zvZxGoaa+5M4iQ2bwklxgCgpmZz
jkVvXSnX9qyYB8yLT/LgC40=
=TorL
-----END PGP SIGNATURE-----