jpinkerton wrote:
I hope I am wrong - but if I can send you a mail with a false reply-to
that's spoofing, afaik, and is exactly what spf is trying to stop.
I completely disagree. Adding a Reply-To: header is exactly what we *should*
be advocating for people trying to use a "foreign" ISP where they cannot for
whatever reason using SMTP AUTH from the "home" ISP. They send mail using the
account at the "foreign" ISP (MAIL FROM: and From: header), and use a
Reply-To: header to have replies go to their home account. No spoofing,
perfectly legitimate.
If mail sent in this format turns out to be abusive, the complaints will go to
the "foreign" ISP, which is exactly as it should be.
Paul.