Hi All,
I have already read some threads on this list saying that SPF doesn't
guarantee the From header of emails. OK, I understand that and agree
with the point that SPF is designed to protect the Envelope Sender (aka
Return-Path). The problem is that email forgery persists by this means,
at least for the common user, who receives a forged mail with an
authentic Sender Envelope (with or without SPF) and sees in his mail
client a FROM: fakeable(_at_)faked(_dot_)com. For people who know how to check mail
headers it's easy to see the forgery, but for 99% of the internet this is
not the case. Mail forgery will still continue and scams will continue
to spread.
I can see that the emails that come with a different From and
Return-Path are mostly from lists (like Yahoo Groups) and spammers
trying to pass out scams.
My question is, how are you people treating this case on your MTAs? As
I see it, the only solution is, IMHO, in cases where the From is
different from the Return-Path, to change the From header at the MTA to
another name so the MUAs are forced to use the Return-Path as the
sender. But that is against a lot of RFCs.
I might not be seeing something in the process, so if someone can
help/enlighten me that would be great. *8)
Best Regards to all,
--
------------------------------------------------
Rodrigo Afonso
rafonso(_at_)rits(_dot_)org(_dot_)br
IT Manager
RITS - Rede de Informações para o Terceiro Setor
------------------------------------------------
http://www.rits.org.br
Rua Guilhermina Guinle, 272/6º Andar
Rio de Janeiro/RJ - CEP: 22270-060
Tel: (21) 2527-5494 / Fax: (21) 2527-5460
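
The From versus Return-Path comparison raised in the message above, as an added example that is not part of the original post: it sorts delivered mail into matching, list-style mismatch, and plain mismatch without rewriting any header. It assumes the delivering MTA has already written the envelope sender into a Return-Path header; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify(raw_message):
    """Compare the visible From: domain with the Return-Path domain.

    Returns 'match', 'list-mismatch', 'mismatch' or 'no-envelope'.
    """
    msg = message_from_string(raw_message)
    envelope = domain_of(msg.get("Return-Path"))
    visible = domain_of(msg.get("From"))
    if not envelope:
        return "no-envelope"      # null sender (<>) or header absent
    if envelope == visible:       # exact domain comparison only
        return "match"
    # Lists replace the envelope sender with their own bounce address.
    # List-Id is set by the sender, so this only sorts mail for review;
    # it is not proof that a real list handled the message.
    if msg.get("List-Id"):
        return "list-mismatch"
    return "mismatch"

# Constructed sample messages (example domains), not real traffic.
SAMPLES = {
    "direct": ("Return-Path: <alice@example.org>\n"
               "From: Alice <alice@example.org>\n"
               "Subject: hi\n\nbody\n"),
    "list":   ("Return-Path: <bounce-42@lists.example.net>\n"
               "From: Bob <bob@example.org>\n"
               "List-Id: <users.lists.example.net>\n"
               "Subject: [users] hi\n\nbody\n"),
    "forged": ("Return-Path: <x91@bulk.example.com>\n"
               'From: "Your Bank" <support@bank.example>\n'
               "Subject: verify your account\n\nbody\n"),
    "bounce": ("Return-Path: <>\n"
               "From: MAILER-DAEMON@example.org\n"
               "Subject: delivery failure\n\nbody\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:8s} -> {classify(raw)}")
```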