AccuSpam wrote:
> 1. SPF sets a DNS record which tells us which IP addresses in
> Received: header to trust.

Wrong. At SMTP dialogue level, SPF checks whether a relay is authorized to
send mail on behalf of a domain name found in either the envelope-from or
helo string. That is the power of SPF: since the IP address is checked at
connection time, it cannot be forged (hence, requires no signed headers).
Whether an MUA can trust a Received: header is an entirely different matter.

> 7. So since I have established that SMTP authentication is a
> requirement for "-all" in many cases, and since "-all" is a
> requirement for detecting forgery with 100% certainty using SPF, then
> all I need to factually state is that SMTP authentication requires
> MUAs to be configured differently (and for many users of older
> versions of MUA must upgrade first) than non-authenticated SMTP.

So, lemme see if I got this straight. Your objection to SPF is that it would
be too cumbersome to 'upgrade' existing MUAs to use a long-since proven and
approved technology such as SMTP AUTH, right? And then you pitch your idea
which would require MUAs all over the world to be upgraded/patched with
your wee scheme?? Surely, you must, at some point, be aware of the irony of
this! LOL :)
The plot thinnens!
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
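
Added example, not part of the original post: a sketch of the connection-time check described above, where the connecting relay's IP is tested against the policy published for the envelope-from domain, and the final "all" qualifier decides what happens to unlisted relays. The domains, addresses and the SAMPLE_TXT table are constructed stand-ins for DNS TXT lookups; only the ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

# Constructed sample policies standing in for DNS TXT lookups (assumption).
SAMPLE_TXT = {
    "strict.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "soft.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    "open.example": "v=spf1 ip4:192.0.2.0/24 ?all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, client_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            # a, mx, include, exists, redirect= and so on need live DNS
            raise NotImplementedError(f"mechanism not handled here: {term}")
    return "neutral"  # nothing matched and the record has no "all" term


def check_mail_from(client_ip, mail_from):
    """Check the connecting relay IP against the envelope-from domain's policy."""
    domain = mail_from.rpartition("@")[2].lower()
    record = SAMPLE_TXT.get(domain)
    return "none" if record is None else evaluate_spf(record, client_ip)


if __name__ == "__main__":
    for ip, sender in [("192.0.2.25", "alice@strict.example"),
                       ("198.51.100.7", "alice@strict.example"),
                       ("198.51.100.7", "alice@soft.example"),
                       ("198.51.100.7", "alice@open.example")]:
        print(ip, sender, check_mail_from(ip, sender))
```

Only the "-all" policy turns an unlisted relay into a hard fail; "~all" and "?all" leave the receiver with softfail or neutral for the same connection.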