In <20041118104920(_dot_)903249(_at_)bbprime> Dave Crocker
<dhc(_at_)dcrocker(_dot_)net> writes:
I was not describing unauthorized usage. I was describing spontaneous usage.
SPF essentially eliminates spontaneous scenarios, by virtue of
requiring pre-registration.
This is not true. Last year, someone (I forget who) created a
specialized DNS server to do rate limiting for just this kind of
thing.
SPF does not "eliminate" or "require" any such thing as you claim.
Of course, if people published RFC2821 policies are suddenly
interpreted in an RFC2822 context, then absolutely. Maybe I
missed the first part of this thread and that is what you are
referring to as "SPF".
rfc2821.mailfrom is set by the rfc2822.sender. so, mailfrom might
appear in the envelope, but it represents the world of the author,
not the world of the carrier (MTA) even though it registers mta
information.
This is not true. The 2821.MAILFROM may, or may not be set by the
2822.From: or 2821.Sender:. For example, most mailing lists have
independantly set the 2821.MAILFROM to a completely different value
than in either for those 2822 headers for many years now.
ESPs have done similar things for many years also.
Email does not work as you claim.
If you choose to use your friends e-mail service to send your
mails and spoof your own address - that's SPOOFING - and *exactly*
This nicely demonstrates the problem with mis-using important terminology.
The dictionary definition of 'spoof' is "a hoax". The computer
science use of the word is similar.
This is not true. http://en.wikipedia.org/wiki/Spoof
The usage of "spoof" is not as you claim.
-wayne