John Glube wrote:
I am not going to raise this over at MARID as I view this
as an internal SPF issue.
Tnx anyway, it's all very confusing. I don't understand why
MARID doesn't simply publish a RfC for classic SPF MAIL FROM
tests based on draft-ietf-marid-protocol-00.txt (or rather
its next version with some minor technical fixes).
Based on SPF classic it could be easy to define a visible PRA
for MUAs: If (one of) the From: address(es) matches the
MAIL FROM, then that's it. Otherwise if the Sender: address
matches that's it. Otherwise try Resent-From: etc. (we could
even add To: / Cc: for wayne 's private forwarding scenario).
If nothing matches and there's no Sender: then treat MAIL FROM
as "PRA". Otherwise MUAs should warn users, they could still
display the Return-Path as PRA.
If the MAIL FROM passed a classic SPF test by the MDA (or MX)
MUAs can display the PRA as verified. Otherwise they display
the PRA as unverified. That's already possible today, if the
MDA (or MX) inserted a Received-SPF header as defined in the
classic draft-mengwong-spf-01.txt
Caller-Id / Unified / Sender-Id / SUBMITTER are not necessary
to determine and display a verified PRA in a MUA without DNS.
Bye, Frank