Hi,
On Mon, Aug 23, 2004 at 03:32:56PM +0300, Andriy G. Tereshchenko wrote:
Greg Wooledge wrote:
3. Thus if a receiver (be it the MTA or MUA) is verifying
whether an
email is a forgery, if the "-all" is not present in the SPF DNS
record, then the question can not be answered with 100% certainty.
MUAs cannot be receivers of mail. Only MTAs can receive mail.
Wrong. In case if you are using non-SPF aware ISP you must be able to perform
email filtering in your MUA.
You can check IP address from Received: against SPF records and move forgery
to "Spam" folder.
But this is not ideal. If a legitimate mail is rejected at SMTP time
because of spf, the sender will receive a message from his (or his
ISP's) MTA. If it is forged by a virus/spambot, nothing will be sent,
and the spambot moves on to the next victim.
If you now store the message in sthe Spam folder, the legitimate user
will not see that something has gone wrong with his mail untill you
decide to look at your spamfolder and do notice the one legitimate post
among the hundreds of pieces of spam :)
P.S> If your MUA can not receive mail - you will be unable to read this
message ;-)
Well, actually.. My MUA does not receive mail, it just reads files from
/var/mail/gmc, it really is the MTA that does the receiving.. But this
is starting to sound like philosophy :)
Koen
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/