On Wed, Nov 24, 2004 at 08:22:27AM -0500, Michael Hammer wrote:
> > I understand what you're trying to do, and why; but perusing the headers
> > for Received: headers is, in the case of SPF, somewhat questionable. The
> > beauty of doing SPF at the SMTP dialogue level, is that the connecting IP
> > address, for all purposes and intent, is a trustworthy entity (see earlier
> > posts about the difficulty of hijacking a TCP/IP connection). You lose
> > that certainty with (unsigned) headers.
>
> Mark, I'm going to have to quibble with you about the connecting IP
> being a "trustworthy entity". A more appropriate phrasing would be "a
> knowable entity". Just because someone connects to me on port 25
> doesn't make them trustworthy.

You can trust that the IP address is what it looks like. That does not
say anything about who's using it.

Logged IP addresses inside headers may be spoofed. Connecting addresses
are, most likely, real.

However, I get mail forwarded from a friend. I completely trust
his setup and the previous hop is _most_likely_ not forged. I can
use the information in _that_ part of the headers with the same amount
of trust as I would trust a connecting IP address. AFAIK this is
something spamcop is also doing.
Alex
--
I ask you to respect any "Reply-To" and "Mail-Follow-Up" headers. If
you reply to me off-list, you'd better tell me you're doing so. If
you don't, and if I reply to the list, that's your problem, not mine.
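
The trust rule discussed in this thread, as an added example that is not part of the original messages: a Received: header is believed only if the hop that wrote it is a relay the recipient trusts, and the walk stops at the first address outside that set. The relay address, the bracketed-IP header format, the function name and the sample message are all constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample. The friend's relay (192.0.2.10) forwarded the message;
# the bottom Received: line was supplied by the untrusted sender and is forged.
RAW = """\
Received: from mx.friend.example (mx.friend.example [192.0.2.10])
\tby mail.local.example with ESMTP; Wed, 24 Nov 2004 14:30:02 +0100
Received: from unknown.example (unknown.example [198.51.100.77])
\tby mx.friend.example with ESMTP; Wed, 24 Nov 2004 14:30:00 +0100
Received: from bank.example (bank.example [203.0.113.5])
\tby unknown.example with SMTP; Wed, 24 Nov 2004 14:29:00 +0100
From: someone@bank.example
Subject: constructed sample

body
"""

TRUSTED = [ipaddress.ip_network("192.0.2.10/32")]  # assumed: friend's forwarder
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # assumed header format


def is_trusted(ip, trusted):
    return any(ip in net for net in trusted)


def spf_client_ip(raw, connecting_ip, trusted=TRUSTED):
    """Return the IP an SPF check should use, or None if it cannot be known."""
    ip = ipaddress.ip_address(connecting_ip)
    if not is_trusted(ip, trusted):
        return str(ip)  # direct connection from a stranger: ignore all headers
    # Headers are newest first. Each one is read only while every hop so far
    # was trusted, so it was written by us or by a trusted relay.
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = IP_RE.search(hdr)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None
        if ip is None:
            return None  # trusted hop logged nothing usable: do not guess
        if not is_trusted(ip, trusted):
            return str(ip)  # first hop outside the trusted set
    return None  # chain never left the trusted relays


if __name__ == "__main__":
    print(spf_client_ip(RAW, "192.0.2.10"))
```

The forged 203.0.113.5 line is never consulted, because the header above it names an untrusted host and the walk ends there.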