Re: using received headers to determine sending mta

spf-discuss

Re: using received headers to determine sending mta

2005-01-12 10:44:35

On Wed, 2005-01-12 at 18:16 +0100, jpinkerton wrote:

http://www.spf.idimo.com/fix-1.php


I don't think it needs to be that complex -- you can just use the record
for the reverse-path and compare with the sending host and the Received:
headers. 

Your solution is good, but has a problem -- it's trivial to fake a
Received: header claiming that the mail did originate from an authorised
IP address. You need the original sending MTA to include a signature
which really can be trusted, and then it'll work.

-- 
dwmw2

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
using received headers to determine sending mta, Dan Field Re: using received headers to determine sending mta, Chris Haynes RE: using received headers to determine sending mta, Dan Field Re: using received headers to determine sending mta, Chris Haynes Re: using received headers to determine sending mta, Stephane Bortzmeyer RE: using received headers to determine sending mta, william(at)elan.net Re: using received headers to determine sending mta, Stephane Bortzmeyer Re: using received headers to determine sending mta, jpinkerton Re: using received headers to determine sending mta, David Woodhouse <= Re: using received headers to determine sending mta, jpinkerton Re: using received headers to determine sending mta, David Woodhouse

Previous by Date:	Re: using received headers to determine sending mta, jpinkerton
Next by Date:	Re: using received headers to determine sending mta, jpinkerton
Previous by Thread:	Re: using received headers to determine sending mta, jpinkerton
Next by Thread:	Re: using received headers to determine sending mta, jpinkerton
Indexes:	[Date] [Thread] [Top] [All Lists]