spf-discuss
[Top] [All Lists]

RE: SPF Setup Peculiarities For Megapathdsl

2005-02-26 09:00:31
Scott Kitterman wrote:
I have recently discovered that megapathdsl.com checks all mail
(inbound and outbound) for SPF.  They then apply the Received-spf
header.  They only reject inbound failures.

Foremost, a "Received-SPF:" header should not be added as a result of an
_outbound_ SPF check.  The header name kind of implies that.

Now one might assume that receivers would ignore Received-SPF headers
applied by previous MTAs. That is not always correct.

In the first place, only receiver _MUAs_, not MTAs, should care about the
"Received-SPF:" header.  Then, a receiver MUA should look at only those
"Received-SPF:" headers of which it is absolutely sure that they have been
genuinely added by the receiving MTA.  This is usually only the single
topmost header, _if_ the receiving MTA adds such a header at all.

There is no point in "blindly" looking for any "Received-SPF:" headers in
a received message, not knowing whether the receiving MTA actually added
those.  This might be a sloppiness in SpamAssassin and similar tools (I am
not sure because I don't use SpamAssassin).


<Prev in Thread] Current Thread [Next in Thread>