Hello!
On Mon, Nov 22, 2004 at 02:13:24AM -0600, Andy Bakun wrote:
Just seen in freshmeat, "Thunderbird Extension for Sender Policy
Framework". At first blush, this appears to be more along the lines of
PRA, not SPF, checking. The rush to implement these kinds of things FOR
USERS could be (or has been, take your pick) problematic for SPF.
Thunderbird Extension for Sender Policy Framework
http://taubz.for.net/code/spf/
The extension looks for the email address of the sender in the
From: header (ex. sender(_at_)aol(_dot_)com), and it looks for the IP
address of the server that sent the email from the first
Received: header (ex. 124.125.100.50). It then contacts a query
server, sending it the email address and IP address, which
responds with whether that server is permitted to send email for
the domain name of the email address (ex. aol.com).
Sounds quite bogus. Not only because of that PRA-like stuff, but also
because often enough there could be 2 Received lines by the local
provider (e.g. here, first the mail comes to the incoming mail server,
then it's distributed to either the IMAP server or some shell server
or whatever).
Kind regards,
Hannah.