spf-discuss
[Top] [All Lists]

Re: Need greeting-card site advice

2005-03-10 15:55:11
Julian Mehnle wrote:

Stuart D. Gathman wrote:
I need a web page to give out to "greeting-card" sites (in our case,
tracking notification email) as to how to handle MAIL FROM.
[...]
I can tell them to use their own domain for MAIL FROM and chuck
any DSNs, or to use SRS so that DSNs can be reflected to the user
that initiated the email without using a database.

Doing SRS on unverified sender addresses, and thereby declaring trust in,
and taking responsibility for, their authenticity, is unwise.
user emails are assumed to be verified via confirmation email or similar.

Similarly to Brian W. Antoine's suggestion, I think the best solution for
greeting-card services is as follows:

 MAIL FROM: <greeting-card-master(_at_)greeting-card(_dot_)com>
 From:       user's-purported-address(_at_)domain(_dot_)net
 Sender:     greeting-card-master(_at_)greeting-card(_dot_)com

No "Reply-To:" necessary, replies will go to the "From:" address.
That doesn't handle DSN. Replies are not the problem (unless they are the stupid virus filter replies that ought to be a DSN).




<Prev in Thread] Current Thread [Next in Thread>