On Fri, Feb 25, 2005 at 05:49:31PM -0700, David MacQuigg wrote:
> We can then use the Received: headers for the bounce path instead of
> bouncing directly to the forged Return-Path:. If the mail is legit,
> sending it back along the bounce path will get it to the same place as the
> Return-Path. If it's a forgery, the bounces will stop where they should, at
> the forger's domain, and not bother anyone at the forged Return-Path.
> So to make SPF work with forwarders, we don't need any new headers, just a
> few more words in an existing, widely accepted header, and an agreement on
> how forwarders should handle bounces.
> Am I missing something?
Yes, again.
You cannot assume you can connect to a host that connected to you.
And no, not being able to connect back is no indication of forgery.
Alex