spf-discuss
[Top] [All Lists]

Re: MUAs checking SPF

2004-11-22 08:23:40
Hello!

On Mon, Nov 22, 2004 at 02:13:24AM -0600, Andy Bakun wrote:
Just seen in freshmeat, "Thunderbird Extension for Sender Policy
Framework".  At first blush, this appears to be more along the lines of
PRA, not SPF, checking.  The rush to implement these kinds of things FOR
USERS could be (or has been, take your pick) problematic for SPF.


Thunderbird Extension for Sender Policy Framework

http://taubz.for.net/code/spf/

       The extension looks for the email address of the sender in the
       From: header (ex. sender(_at_)aol(_dot_)com), and it looks for the IP
       address of the server that sent the email from the first
       Received: header (ex. 124.125.100.50). It then contacts a query
       server, sending it the email address and IP address, which
       responds with whether that server is permitted to send email for
       the domain name of the email address (ex. aol.com).

Sounds quite bogus. Not only because of that PRA-like stuff, but also
because often enough there could be 2 Received lines by the local
provider (e.g. here, first the mail comes to the incoming mail server,
then it's distributed to either the IMAP server or some shell server
or whatever).

Kind regards,

Hannah.


<Prev in Thread] Current Thread [Next in Thread>