Mark Shewmaker wrote:
recipients using updated MUAs
Yes, that's one of the two problems with a fabricated PRA
passing whatever PRA tests, existing MUAs don't support it.
The other problem is that bounces are sent to the forged
MAIL FROM instead of the phisher, oops, PRA. I've no idea
about your sender_agents concept, but the early adopters of
SPF are all "once bitten twice shy" multiplied with a huge
number.
Any concept even remotely saying "trust me", where "trust
me" is a 3rd party, and any concept even remotely proposing
to "update existing software" (instead of only forwarders)
is DOA for these users.
If that's irrelevant for sender_agents please ignore it.
I don't really understand what advantages CSV would gain us
over an imaginary world in which EHLO domain names were
required by all recipients to be resolvable and matching the
sending IP.
The latter isn't really difficult, I have a DynDns host. Okay,
I couldn't use it for spamming, they'd kick me really fast.
Zombies using their own HELO gibberish.adsl.example host name
to send spam are real. But you weren't talking about a FUSSP,
so yes, as far as I'm concerned this requirement could be okay.
There must be a catch, it's too simple... ;-)
Bye, Frank