Mark,
On Tue, 21 Sep 2004 19:54:02 GMT, Mark wrote:
>> From that perspective, SPF attempts to authenticate the
>> RFC2821.MailFrom field.
I really disagree. When you check my SPF record, really the only thing you
can determine, is whether the relay is authorized to send mail on behalf of
my domain name.
"on behalf of" means that the receiver is expected to trust that the
authorizing
entity is valid, in this case the domain name listed in the rfc2821.mailfrom
command. so while, yes, the mta authorization is part of this, it is not the
primary security-related goal for the receiver. what is primary for the
receiver is authentication of the mailfrom domain.
You cannot, as receiver, authenticate the "RFC2821.MailFrom"
address with that information. For one, because SPF checks are done against
the RHS of the domain, not the LHS (local part) of the address.
yeah. sorry about that. i should have said rfc2821.mailfrom domain.
d/
--
Brandenburg InternetWorking
dcrocker(_at_)brandenburg(_dot_)com
+1.408.246.8253