Seth Goodman wrote:
Nothing in SPF forces a recipient to reject anything.
Sure, but you were talking about 2822 tests at the border MTA,
and I wanted to stress that there can be valid reasons to never
ever look "into" received mail. Except from finding the end
of DATA and inserting a time stamp line before it. And the
Return-Path if it's an MDA.
My comment is that most people _can_ set them to both be
the same, though they may not like the address they are
restricted to.
Okay, that's clear. In my case it's not that I don't like my
other address, it's only that I prefer my usual From: nobody@,
because every spammer in the world has it already. And of
course I don't like to add an "eh"-Sender manually by such
sophisticated procedures as "edit file outbox" ;-)
When you say that a particular MSA enforces submission rights
but does not manipulate data, are you saying that it simply
rejects non-compliant messages?
Yes, I'm forced to use my MAIL FROM at this MSA. Otherwise I
get an error. That's RfC 2476 6.1 "enforce submission rights".
But this MSA does not look "into" my mail, and doesn't add a
Sender if it finds a 2822-From different from the MAIL FROM
without Sender. That would be RfC 2476 8.1 "MAY add Sender".
I'm also on a Sympa list (Errors-To) and write in newsgroups.
Rarely in moderated groups, but that could change. Sender-ID
could really hurt me. William's idea is okay, I simply don't
opt-in, no problem.
Without changing a header or rejecting the submission
Changing the MAIL FROM would be another way to enforce it, but
that's not covered by RfC 2476. And it's rather dubious, if
you say MAIL FROM:<me>, and the MSA silently fixes it for you
into MAIL FROM:<you>. Mailers trying to "fix" headers or in
this case the MAIL FROM, it's a can of worms.
If nothing else, it should be worth a couple of points in
SpamAssassin.
Maybe. Actually I don't see why SA should be impressed by the
presence of a redundant Sender: header only to get William's
"equivalent header". It's not directly related to spam, it's
anti-phishing to a certain degree, depending on the MUA and
the user. Most of the time I use "view all headers" and see
the Return-Path, an equivalent Sender won't help me then.
Anyone who can enforce submission rights for their domain
would want to do this to hinder 2822 joe-jobs.
Yes, domain owners can arrange it. Not all users are domain
owners. Otherwise I'd simply add the MSA in question to my
sender policy. And the IP of SYMPA. And the IP used by my
news server for submissions to moderated groups. After these
three steps even Sender-Id would work with my v=spf1 policy ;-)
Pobox.com users have per user policies, that's as good as a
real domain for SPF. So maybe Meng sees another good reason
to support William's idea.
Bye, Frank