Seth Goodman wrote:
Many intelligent readers will cry "foul", this is not fair. It isn't,
but that is our system.
http://www.microsoft.com/mscorp/twc/privacy/spam_senderid.mspx
According to that page, if you want to check the SPF record in incoming
mail, you need to update to Sender ID compliant software to check PRA of
incoming mail.
I guess I don't understand something. Are we dropping the MAIL-TO and
EHLO and source IP check altogether and basing the checks on what's in
the DATA?
I have been trying to figure out what the difference really is, reading
the 'example problems' that PRA is supposed to address.
One is the 'contact form that is "from" the user's input address'.
When I do such a thing on a bsd machine with sendmail using a php
script, I get this
On an MS server using ASP and CDO I get this:
250-oo50 Hi h-68-165-182-37.lsanca54.covad.net [68.165.182.37]
dispatching MAIL FROM:<web(_dot_)server(_at_)buenaparkchamber(_dot_)org>
250 web(_dot_)server(_at_)buenaparkchamber(_dot_)org, sender OK it is wery exciting.
dispatching RCPT TO:<contact(_at_)buenaparkchamber(_dot_)org>
250 contact(_at_)buenaparkchamber(_dot_)org, recipient ok
dispatching DATA
354 go ahead
250 Queued!
dispatching QUIT
221 oo50 bye. Have a wonderfulo dayo.
From what I understand, the CDO thingy just drops a text email into the
outgoing queue for processing. So, it is using the FROM address of the
message to do MAIL FROM.
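
An added example, not part of the original post: the PRA header-selection steps of RFC 4407 next to the envelope MAIL FROM, run on a constructed contact-form message, to show which domain each kind of check would look up. The example.org/example.net addresses and all function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

TRACE = ("received", "return-path")

def single_mailbox(value):
    """RFC 4407 step 5: the header must hold exactly one mailbox with a domain."""
    addrs = [addr for _, addr in getaddresses([value]) if addr]
    if len(addrs) != 1:
        return None
    local, _, domain = addrs[0].rpartition("@")
    return addrs[0] if local and domain else None

def pra(raw_message):
    """Return the Purported Responsible Address, or None if the message is ill-formed."""
    hdrs = [(k.lower(), v.strip()) for k, v in message_from_string(raw_message).items()]
    def found(name):
        return [(i, v) for i, (k, v) in enumerate(hdrs) if k == name and v]
    resent_sender, resent_from = found("resent-sender"), found("resent-from")
    if resent_sender:                                   # step 1
        rs_i = resent_sender[0][0]
        rf_i = resent_from[0][0] if resent_from else rs_i
        # Trace headers between Resent-From and Resent-Sender void step 1.
        if not any(k in TRACE for k, _ in hdrs[rf_i + 1:rs_i]):
            return single_mailbox(resent_sender[0][1])
    if resent_from:                                     # step 2
        return single_mailbox(resent_from[0][1])
    for name in ("sender", "from"):                     # steps 3 and 4
        values = found(name)
        if values:
            return single_mailbox(values[0][1]) if len(values) == 1 else None
    return None                                         # step 6

def checked_domains(mail_from, raw_message):
    """Domains an envelope (MAIL FROM) check and a PRA (header) check would look up."""
    address = pra(raw_message)
    return {"mail_from": mail_from.rpartition("@")[2],
            "pra": address.rpartition("@")[2] if address else None}

# Constructed sample: a contact form that puts the visitor's address in From.
FORM_MAIL = "\n".join(["From: Visitor <visitor@example.net>",
                       "To: contact@example.org",
                       "Subject: contact form", "", "Hello"])
# Same message, with the web server naming itself in a Sender header.
WITH_SENDER = "Sender: web.server@example.org\n" + FORM_MAIL

if __name__ == "__main__":
    print(checked_domains("web.server@example.org", FORM_MAIL))
    print(checked_domains("web.server@example.org", WITH_SENDER))
```

The PRA is computed only from headers inside DATA, so in the constructed form mail the two checks look up different domains unless the sending script adds a Sender header.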