spf-discuss

RE: Re: New ideas for RFC2822 headers checking with SPF

2004-10-25 11:08:50
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Greg 
Connor
Sent: Sunday, October 24, 2004 2:31 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Re: New ideas for RFC2822 headers checking
with SPF


--Seth Goodman <sethg(_at_)GoodmanAssociates(_dot_)com> wrote:

a) MSA immediately rejects, with explanation, any message where the
highest of From:/Sender:/(newest)Resent-From: does not match
return-path. This would be ideal, though I don't know if all MUA's can
set return-path properly.  This approach avoids all ethical and legal
problems.  If the explanation returned included web links to clear
instructions on how to correct the setup in each of the common MUA's,
service calls would be reduced, but not eliminated.

Greg Connor <gconnor(_at_)nekodojo(_dot_)org> wrote:
I would suggest modifying this to say "rejects any message where the
domain of the most recent From:/Sender:/(newest)Resent-From: does not
match the domain of the return path."  Adding "domain of" allows
things like SES/SRS or VERP to work.


--Ralf Doeblitz <list+spf-discuss(_at_)doeblitz(_dot_)net> wrote:
NACK. Let the MSA sort out which addresses the submitter may use. For
something like VERP and SES/SRS there should be regular expressions that
match login to allowed addresses.

Greg Connor wrote:
A very good point, one which I didn't think through completely at first.
In some cases the auth user will own a single email address in the ISP's
domain, and in other cases the auth user owns the whole domain.

I think this underscores the point that the MSA should be able to sort out
who owns what address, and other MTAs that are not the MSA should not be
trying to match them up.  SPF is probably not the best tool for this, and
there are a number of other techniques that would work, if ISPs would just
spend the time to correlate return addresses to auth users.

What SPF can do is make it very clear that this sort of return address
management is an essential pre-requisite to safely using SPF PASS on a
shared MSA/MTA.  Perhaps if we are clear about that, customers will start to
demand these kinds of controls from their providers.

Scott Kitterman
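
The submission-time check discussed in this thread, as an added example that is not part of the original messages: the MSA first matches the authenticated login against regular expressions for the return-paths it may use, then compares the domain of the newest Resent-From:/Sender:/From: header with the domain of the return-path. The policy table, logins, domains and function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical policy table: regexes for the return-paths each login may use.
ALLOWED = {
    "alice": [r"alice(\+[^@]*)?@isp\.example"],  # one mailbox, VERP-style tags
    "bob": [r"[^@]+@bobs-domain\.example"],      # owns the whole domain
}

def domain(addr):
    return addr.rpartition("@")[2].lower()

def responsible_address(msg):
    """Newest Resent-From, else Sender, else From."""
    for name in ("Resent-From", "Sender", "From"):
        values = msg.get_all(name)
        if values:
            # Resent-* blocks are prepended, so the first one is the newest.
            return parseaddr(values[0])[1]
    return ""

def msa_check(auth_user, return_path, raw_message):
    """Return (accept, reason) for one submission."""
    patterns = ALLOWED.get(auth_user, [])
    if not any(re.fullmatch(p, return_path, re.I) for p in patterns):
        return False, "return-path not allowed for this login"
    header_addr = responsible_address(message_from_string(raw_message))
    if not header_addr or domain(header_addr) != domain(return_path):
        return False, "header domain does not match return-path domain"
    return True, "ok"

# Constructed sample submissions (not from the thread).
PLAIN = "From: Alice <alice@isp.example>\nSubject: hi\n\nbody\n"
RESENT = ("Resent-From: sales@bobs-domain.example\n"
          "From: Carol <carol@other.example>\nSubject: fwd\n\nbody\n")

if __name__ == "__main__":
    print(msa_check("alice", "alice+list=42@isp.example", PLAIN))
    print(msa_check("alice", "carol@isp.example", PLAIN))
    print(msa_check("bob", "sales@bobs-domain.example", RESENT))
```

Comparing only domains is what lets the VERP-tagged return-path pass for alice, while the per-login patterns stop her from using another mailbox in the same ISP domain.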

