On Fri, Aug 20, 2004 at 02:54:52AM +0000, Mark wrote:
May I ask, what domain (part) do you check against, actually? The TLD of
the PTR? And what if no PTR is available? And what of two-level country
TLD's? SURBL ran into similar questions. Not really an SPF issue, to
be honest; but it were nice if cloudmark gave some specs as how to
retrieve the domain name to check against.
It's ment to be used with sender-id, so you check against the sender-id
domain (which is the PRA domain, ...
Thank you. They actually DO say it is used in conjunction with SenderID.
Which raises some doubt as to its current useability, really. Without a
mechanism in place yet to make the determination whether the relay is really
authorized to use a PRA domain, nothing goes. Because I am not going to
award positive SA scores for the use of, say, the hotmail.com domain in the
PRA (hotmail.com has a "Status: Good"), until I am darn sure the relay is
authorized to use that domain name. Long live good ol' SPF! :)
Ah, sender-id is (if you ask me) a bygone before it even is born.. The bastard
child of spf and caller-id, left to rot by both parents..
to be obtained with a microsoft
patented algorithm for which you have to sign a license and send it to
microsoft before using it).
The extraction process is clearly documented. I wrote my own algorithm. I am
not sure if I still have to sign a licence, then; but signing licences sure
takes the fun out of things, doesn't it?
Well, if the algorithm extracts the PRA you will have to sign the license, or
else microsoft has the right to sue you down to your underpants i believe.
Which is exactly why sender-id is a laughing stock (apart from the fact that is
doesn't check 2821 entities, only easily forgeable 2822 entities..)
Koen
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/