spf-discuss

Re: Is SPF Authentication or Authorization?

2004-09-21 12:54:02
Dave Crocker wrote:

On Tue, 21 Sep 2004 12:08:04 -0400, Meng Weng Wong wrote:

  From the receiver's point of view, the sender is
   authenticated or unauthenticated.

These mechanisms are intended to get receivers to accept mail, so the
receiver's point of view is the critical one.

From that perspective, SPF attempts to authenticate the
RFC2821.MailFrom field.

I really disagree. When you check my SPF record, really the only thing you can determine is whether the relay is authorized to send mail on behalf of my domain name. You cannot, as receiver, authenticate the "RFC2821.MailFrom" address with that information. For one, because SPF checks are done against the RHS of the domain, not the LHS (local part) of the address.

If you can show/explain to me how, in Meng's words, "From the receiver's point of view, the sender is authenticated or unauthenticated," based on my SPF record, then I will gladly stand corrected. Until that time, I say I publish SPF records which allow you to determine what relays are authorized to send mail on behalf of my domain name; and also, that you should NOT assume, based on the SPF record alone, that the envelope-from is authenticated (in my case, it actually is, because I enforce a rewriting of the RFC2821 and RFC2822 from addresses for SASL authenticated users; but that is certainly not standard, nor does it hold generally true for SPF records).

- Mark

       System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
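
The distinction argued in the message above, as an added example that is not part of the original post or of any SPF implementation: a receiver-side check that evaluates a subset of SPF (only the `ip4`, `ip6` and `all` mechanisms, no DNS) and shows that the local part of the envelope sender never enters the decision. The domain `example.org`, its record, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample policy for a constructed domain (not from the thread).
RECORDS = {"example.org": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(client_ip, mail_from, records=RECORDS):
    """Evaluate a subset of SPF (ip4, ip6, all) for an envelope sender.

    Returns (result, identity_checked). Real SPF also defines a, mx,
    include, exists, redirect and macros; they are out of scope here.
    """
    # The local part is split off and then never consulted again: the
    # policy lookup and every mechanism below use the domain only.
    _local_part, _, domain = mail_from.rpartition("@")
    domain = domain.lower()
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", domain
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier], domain
        if name not in ("ip4", "ip6"):
            return "permerror", domain  # mechanism outside this subset
        net = ipaddress.ip_network(arg, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier], domain
    return "neutral", domain  # no mechanism matched and no "all" term


def demo():
    relay, outsider = "192.0.2.25", "198.51.100.7"  # constructed addresses
    return [
        check_host(relay, "mark@example.org"),
        check_host(relay, "no-such-user@example.org"),  # same verdict
        check_host(outsider, "mark@example.org"),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A "pass" here says the connecting relay is listed for `example.org`; whether the mailbox named in the local part exists, or belongs to the person who submitted the message, is outside what the record can express.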