The only SPF-related reason I can think of would be to downgrade an SPF:PASS
result to an SPF:NEUTRAL if the domain in any of the RFC2822 "inbound"
(from/sender/sentby/principal/replyto) addresses did not match the RFC2821
domain that SPF originally passed.

Obvious downside: it would drop listservers (or anything that rewrote the
addresses) down to a NEUTRAL result, but then again they are "forging" those
addresses. At least it wouldn't be giving "incorrect" PASS results to
someone forging the RFC2822 headers.

You could possibly fix this if the replyto address's domain was checked
first, and if it was the same as the RFC2821 domain it wouldn't check the
rest of the RFC2822 addresses. This would mean a listserver would have to
set a replyto of the list's address and not the original sender's (which not
all lists like to do).

I suppose this would also depend on how the MUAs are displaying replyto
addresses (if at all) as well.
----- Original Message -----
From: "Roger Moser" <Roger(_dot_)Moser(_at_)rama(_dot_)pamho(_dot_)net>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Tuesday, September 28, 2004 5:43 PM
Subject: [spf-discuss] No use of checking RFC2822 headers
What is the use of checking the mailbox addresses in the RFC2822 header if
Microsoft's Outlook Express does not display any of these addresses?
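
The downgrade rule proposed in the reply above, with its Reply-To shortcut, as an added Python example that is not code from the thread or from any SPF implementation. The function name, the choice to check only the From, Sender and Reply-To fields, and all sample addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: only the standard RFC 2822 originator fields are compared.
CHECKED_HEADERS = ("From", "Sender", "Reply-To")

def _domains(msg, header):
    """Lower-cased domains of every address found in one header field."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.rpartition("@")[2].lower() for _, addr in pairs if "@" in addr}

def adjust_spf_result(spf_result, mail_from, raw_message):
    """Downgrade PASS to NEUTRAL when a header domain differs from the
    RFC 2821 MAIL FROM domain that SPF evaluated."""
    if spf_result != "pass":
        return spf_result                      # only a PASS is ever downgraded
    env_domain = mail_from.rpartition("@")[2].lower()
    msg = message_from_string(raw_message)
    reply_to = _domains(msg, "Reply-To")
    # Shortcut from the post: Reply-To in the envelope domain ends the check.
    if reply_to and reply_to == {env_domain}:
        return "pass"
    for header in CHECKED_HEADERS:
        if _domains(msg, header) - {env_domain}:
            return "neutral"                   # some header domain mismatches
    return "pass"

# Constructed sample messages: (envelope MAIL FROM, raw headers and body).
SAMPLES = {
    "direct": ("alice@example.org",
               "From: Alice <alice@example.org>\n\nhello\n"),
    "forged_header": ("bounce@example.org",
                      "From: Support <support@bank.example>\n\nhello\n"),
    "list_no_reply_to": ("list-bounces@lists.example.net",
                         "From: alice@example.org\n"
                         "Sender: list-bounces@lists.example.net\n\nhello\n"),
    "list_reply_to_list": ("list-bounces@lists.example.net",
                           "From: alice@example.org\n"
                           "Reply-To: discuss@lists.example.net\n\nhello\n"),
}

def run_samples():
    """Apply the rule to each constructed sample, assuming SPF returned pass."""
    return {name: adjust_spf_result("pass", env, raw)
            for name, (env, raw) in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:20s} {result}")
```

The `list_reply_to_list` case keeps its PASS even though From is in another domain, which is the trade-off of the shortcut: the result then only vouches for the address a reply would go to.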