spf-discuss
[Top] [All Lists]

Re: purely dual-format approach

2004-11-01 01:01:21
Greg Connor wrote:

Nobody has shown clear examples of exactly how PRA will fail
in cases where MAIL FROM works.

This "nobody" includes nobody(_at_)xyzzy (when sending mail via an
MSA of a 3rd party), Meng in MARID (all "sympa" mailing lists),
M.Olson, and others.

It affects all moderated newsgroups worldwide depending on the
procedure of the news server (generally invisible for posters).

Like SPF it affects _all_ forwarders, unlike SPF it restricts
workarounds to exactly one solution:  Add a Resent-From header.

The essence of the whole No Reuse camp seems to be an
underlying assumption that since PRA is inherently flawed

Sure, the Resent-hack is open for everybody including spammers.
In the case of SPF that's a feature. let them use and burn
their own throw-away domains, nobody cares, they already do it
for spamvertized URLs.

In the case of PRA it's a bug, because existing MUAs won't do
anything special with PRA Resent-hack headers.  PRA does not
really work against phishing, SPF does not work against spam.

Unlike PRA SPF _does_ work against forged MAIL FROM (and HELO).
PRA nil, SPF one.  Game, set, and match SPF.

Neither of those have been shown to be true

Hogwash.



<Prev in Thread] Current Thread [Next in Thread>