----- Original Message -----
From: "Julian Mehnle" <bulk(_at_)mehnle(_dot_)net>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Thursday, January 06, 2005 9:10 PM
Subject: RE: [spf-discuss] Should I include major ISPs in SPF for our hosted
domains?
I meant:
1. Notice the SMTP-AUTH identity. See if MAIL FROM matches the SMTP-AUTH
identity. If not, reject the MAIL FROM.
2. Notice the SMTP-AUTH identity. See if MAIL FROM matches the SMTP-AUTH
identity. If not, simply override MAIL FROM with an e-mail address
that is appropriate for the SMTP-AUTH identity.
Thanks for correcting me.
Allow me to correct you again! :-)
Once an SMTP AUTH session is established, everthing else is MUTE! SPF does
not apply.
SPF should augment the existing system by helping in filling in the holes
for Anonymous SMTP Transactions. An SMTP AUTH session is not anonymous.
The SPFC (SPF Council) should not take on issues that are already part of
the system to establish credentials. What you propose takes away from
backward compatibility, hence adds a greater barrier to adoption. In
addition, the SMTP AUTH concept is highly backend dependent.
My advice to SPFC - "Keep the eye on the prize."
Sincerely,
Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
305-431-2846 Cell
305-248-3204 Office