terry(_at_)ashtonwoodshomes(_dot_)com wrote:
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Daniel
Taylor
Sent: Thursday, July 22, 2004 9:53 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] SPF and Responsibility
Michel Bouissou wrote:
Le jeudi 22 Juillet 2004 14:46, Daniel Taylor a écrit :
Any given web page you receive from my server is expected
to be from me.
If I say that a mail server is "authorized" (SPF PASS) to
send e-mail
for me and you receive e-mail claiming to be from me from
that server
it is implied (quite strongly) that it is a message from me
in the same
way.
Comparing web/http and email/smtp makes no sense whatsoever.
Why not?
Comparing SMTP to HTTP does not make sense because:
In http, the RECIPIENT makes the request for information, and the RECIPIENT
gets to choose (via the
browser, his trusted DNS server, etc) the correct source of the information.
In SMTP, the RECIPIENT does NOT request the information, nor gets to choose
where it comes from.
Just a hypothetical here:
Suppose you could only send SMTP traffic from a valid MX matching
the MAIL FROM and From: headers in the e-mail.
Would that not make SMTP authentication equivalent to http source
authentication?
The fact is that for _most_ organizations it is a perfectly reasonable
setup as well. The existence of exceptions is the only reason we need
something like SPF.
--
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203