On Sat, 21 Aug 2004, AccuSpam wrote:
SPF "-all" attempts to say semantically that "email not from a certain IP
is forgery" where from a senders perspective "any email I send is not a
forgery".
Another way of saying that SPF "-all" is a gross oversimplication of sender
identity. It attempts to say that senders are IP addresses of mail relays,
when in fact senders are human beings. The closer you can get to signing
actions the humans do to send, the closer you are not making a false
assumption.
You are correct for RFC 2822 senders. However, SPF is concerned with
the RFC 2821 sender, AKA Return-Path. This is not a person, but
a set of machines tied to a domain name. Mapping this to a set of
IPs is entirely reasonable. Since your scheme is concerned with
authentication persons (i.e. RFC 2822 headers), perhaps you should
troll another mailing list. SPF is about authenticating RFC 2821.
You might try the sender-ID or MARID lists, since they are dealing with RFC
2822 headers.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.