On Nov 18, 2004, at 11:59 AM, Dave Crocker wrote:
On Thu, 18 Nov 2004 17:23:10 +0100, Alex van den Bogaerdt wrote:
I get the feeling you think false positives are possible with SPF.
As has happened to me several times over the last few weeks, I needed
to use machines and networks that were not in my regular set. This
meant using MTAs that were not in my regular set. Some were public
kiosks and some were friend's pc's, where I set the rfc2822.From field
to be my address.
All of the messages from those situations would be assessed an
"unauthorized" and therefore would be falsely rejected.
That's not precisely true. IF the owner of the domain that was present
in your RFC2822 From address says that you can't do that... then you
can't do that and isn't a false positive -- It's a painful policy.
Of course, if people published RFC2821 policies are suddenly
interpreted in an RFC2822 context, then absolutely. Maybe I missed the
first part of this thread and that is what you are referring to as
"SPF".
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
// Ecelerity: fastest MTA on Earth