[John Keown]
That is why and where smtp authentication comes into play. With smtp
authentication the hijacker cannot authenticate and therefore cannot send
from example.com return address.
FYI.
nslookup -q=txt gmail.com
gmail.com text = "v=spf1 a:mproxy.gmail.com a:rproxy.gmail.com -all"
Results? SPF requires me to use gmail.com web-mail interface not only for
incoming mails, but for outgoing also.
No way for legit user to send mail with "From: myname(_at_)gmail(_dot_)com"
using local
ISP smtp server.
But this is legal forgery currently.
Even more ads, even more profits for GMail.
Who is happy? Me or Gmail?
After a few years of SPF usage GMail will have strong reason to deny
per-user DK keys.
But currently we still can diligently _ask_ them to provide them.
--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua