spf-discuss

Re: New ideas for RFC2822 headers checking with SPF

2004-10-19 03:39:00

On Tue, 19 Oct 2004, Tony Finch wrote:

> On Tue, 19 Oct 2004, william(at)elan.net wrote:
>
>>  2. PRA (RFC2822 headers) domain authorizations records will
>>     always be the same as MAIL-FROM data
>
> Wrong. If your site is doing BATV or SES etc. then the PRA record will be
> +all but the MAIL FROM record will be include:jobbyjobby -all. Also the
> MAIL FROM will always be different from the Sender: and From:

Did I not mention right below that I do not agree with the premise 
that Meng was trying to force on us by making PRA use SPF1 records?

Anyway the point of the idea is to allow the domain record to indicate
if emails would have the same MAIL FROM and From or not. If somebody is using
BATV or SES obviously they would not and this record would not be there.

However in this case it should still be possible to enter a record that
would say that although the full address would not match, the domain portions
of 2821 MAIL FROM and From/Sender would still be expected to match and I
believe this would work fine with BATV.

I still would like to find a way to deal with those domains where the sender
(headers) is specifically expected to be different than RFC2821 Mail-From.
One possibility is that if the sender knows what addresses are acceptable
then a list could be provided (i.e. either a list of those domains that are
considered ok to be used in From/Sender in conjunction with a certain
RFC2821 mail-from or the other way around) with a new type of system
that could potentially either be based on SPF (it would have to be like
DMP with its prefix structure and queried domain being part of that)
or in SRV or PTR. At the same time I'm not entirely certain this new
system for those small number of domains (which are not likely to
have a phishing problem anyway) and the resulting complexity is worth it;
I would rather the people who have to use different Sender/From
from their MAIL-FROM and want protection start cryptographically
signing message bodies with S/MIME or PGP and later whatever MASS WG
comes up with (which I obviously would prefer to be MTA Signatures :)

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
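
The two comparisons discussed in the message above (full-address match versus domain-portion match between the RFC2821 MAIL FROM and the RFC2822 From/Sender headers), as an added example that is not part of the original post. The policy labels `address` and `domain`, the function names, and the sample messages are assumptions made for illustration; the thread does not define a record syntax.

```python
from email import message_from_string
from email.utils import getaddresses

def domain_of(addr):
    """Lowercased domain part of an address, or None for <> / malformed input."""
    local, sep, domain = addr.strip().strip("<>").rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()

def header_addresses(raw_message):
    """All addresses found in the Sender: and From: headers."""
    msg = message_from_string(raw_message)
    pairs = getaddresses(msg.get_all("Sender", []) + msg.get_all("From", []))
    return [addr for _, addr in pairs if addr]

def check_alignment(mail_from, raw_message, policy):
    """policy is a hypothetical label: 'address' = full match, 'domain' = domain only."""
    env = mail_from.strip().strip("<>")
    env_domain = domain_of(env)
    if env_domain is None:
        return "none"  # null reverse-path (bounce): nothing to compare
    addrs = header_addresses(raw_message)
    if not addrs:
        return "fail"  # no usable From/Sender to align with
    if policy == "address":
        ok = all(a.lower() == env.lower() for a in addrs)
    elif policy == "domain":
        ok = all(domain_of(a) == env_domain for a in addrs)
    else:
        raise ValueError("unknown policy: " + policy)
    return "pass" if ok else "fail"

# Constructed samples. A BATV-style tagged envelope sender rewrites only the local part.
BATV_MAIL_FROM = "<prvs=0123abcdef=alice@example.com>"
LEGIT = "From: Alice <alice@example.com>\nSubject: hi\n\nbody\n"
SPOOF = "From: Bank Support <support@bank.example>\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for name, msg in (("legit", LEGIT), ("spoof", SPOOF)):
        for policy in ("address", "domain"):
            print(name, policy, check_alignment(BATV_MAIL_FROM, msg, policy))
```

With the tagged envelope sender, the full-address comparison fails even for the legitimate message, while the domain-only comparison passes it and still rejects the mismatched header domain.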