There you go again.
SPF does not validate users. In most of the examples below it is
obvious that the mail is a valid example.com e-mail, whether it is
from the particular _user_ at example.com is another matter.
Get GPG.
Thank you for playing.
David Woodhouse wrote:
Some examples to ponder. A mail arrives at your site from one of my mail
hosts, looking like this:
MAIL
FROM:<SRS0+xx+yy+example(_dot_)com+joeuser(_at_)pentafluge(_dot_)srs(_dot_)infradead(_dot_)org>
and
Received: from [2002:c1ed:8229:10:2c0:f0ff:fe31:e18] (helo=me) by
pentafluge.infradead.org with esmtpsa id 1C7Ej2-0008II-SZ;
Tue, 14 Sep 2004 15:56:09 +0100
From: <joeuser(_at_)example(_dot_)com>
It looks like it's been sent by Joe, with SMTP AUTH (that's what the 'a'
means in esmtpsa). But did Joe really send it?
Another mail arrives like this:
MAIL FROM:<joeuser(_at_)example(_dot_)com>
Received: from workstation.example.internal by mx.example.com by
esmtps; Tue, 14 Sep 2004 13:50:59 +0100
Received: from mua (janeevil(_at_)localhost) by
workstation.example.internal
by esmtps; Tue, 14 Sep 2004 13:50:54 +0100
X-Authentication-Warning: workstation.example.internal: janeevil
owned process doing -bs
From: joeuser(_at_)example(_dot_)com
Did _that_ mail come from Joe? SPF passes.
A third mail arrives like this:
MAIL FROM:<joeuser(_at_)hosteddomain(_dot_)com>
Received: from apache by mail.virtualhosting.com with local
id 1C7UuW-0007EB-Lx; Wed, 15 Sep 2004 09:13:04 +0100
From: <joeuser(_at_)example(_dot_)com>
Again SPF passes. Does that one really come from Joe?
A final mail arrives in your _inbox_ like this (I included your own
Received: header this time):
Return-Path: <joeuser(_at_)hosteddomain(_dot_)com>
Received: from mail.virtualhosting.com with esmtps
(helo=hosteddomain.com ident=janeevil) id
1C7V0c-0000lt-Cm; Wed, 15 Sep 2004 09:19:23 +0100
Received-SPF: Pass; mail.virtualhosting.com is designated sender
for hosteddomain.com
From: joeuser(_at_)hosteddomain(_dot_)com
Same question -- did Joe actually send this one?
--
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com http://www.vocalabs.com/
(952)941-6580x203