spf-discuss
[Top] [All Lists]

Re: 2.3 Checking Authorization

2004-10-14 10:03:19

On Oct 14, 2004, at 8:58 AM, Guy wrote:

If the SPF check is not done when it is received, then how will the error be returned to the sender? Malformed domain! What about forged addresses, would you send a bounce back to the forged address? Not good! This is what
SPF is trying to stop!

There is no requirement to return the SPF check status to the sender. The Fail status (and reason code) can tagged on the message (perhaps via a header) and the MUA can then decided to junk the message, or show it to the user, or whatever.

I agree that if the SPF check is performed after mail is accepted, it is not a good idea to bounce messages with Fail status.

        - Mark