spf-discuss

Re: How useful are per-user policies?

2005-05-04 07:56:44
Philip Gladstone wrote:


Radu Hociung wrote:

Perhaps you can come up with a practical use of %{l} that makes sense in
the real world?


For example, on my domain, I have (amongst other things)
'-exists:%{l}.users.%{d}'

I have a stunt DNS server that returns a TXT record for all users that
*do not exist*. This simple rule catches a bunch of stuff. It also allows
my valid users to send from anywhere. Yes, it doesn't lock things down
completely -- I have other entries that do that.

But why would the mail servers specified in the other parts of the
policy send mail from users that don't exist in your domain?

If mail is sent from a non-existent user from a non-authorized IP, the
-all takes care of that.

Ah... I see... perhaps your users are allowed to put in their submission
MAIL-FROM anything they please, including each other's user ids?

I believe that all you achieve with this method is the ability to deny
some of the existing users their mail-sending rights, no? Or perhaps it
prevents misconfigured software from sending out mail? Perhaps it also
prevents software bug reports from going out? (Some software has an
option to send a bug report when shit happens, with the user's
blessing, of course. However, I don't know if such software is limited
to using methods other than SMTP)

Radu.
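
Added example, not part of the original message: a small model of how `-exists:%{l}.users.%{d}` is expanded and evaluated, comparing the same policy with and without the rule to show which senders it affects. The domain, users, addresses, the `ip4:` term and the `stunt_dns_resolves` helper are all constructed assumptions; only the `exists` term comes from the thread.

```python
import ipaddress
import re

# Constructed sample data, not taken from the post.
VALID_USERS = {"alice", "bob"}
WITH_EXISTS = "v=spf1 -exists:%{l}.users.%{d} ip4:192.0.2.0/24 -all"
WITHOUT_EXISTS = "v=spf1 ip4:192.0.2.0/24 -all"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def expand(spec, sender):
    """Expand the %{l} and %{d} macros (no transformers) from the MAIL FROM."""
    local, _, domain = sender.rpartition("@")
    values = {"l": local or "postmaster", "d": domain}
    return re.sub(r"%\{([ld])\}", lambda m: values[m.group(1)], spec)

def stunt_dns_resolves(name, domain="example.org"):
    """Model of the stunt server: answers only for users that do NOT exist."""
    suffix = ".users." + domain
    name = name.lower()
    return name.endswith(suffix) and name[: -len(suffix)] not in VALID_USERS

def check_host(policy, ip, sender):
    """Evaluate a small SPF subset left to right; first match decides."""
    for term in policy.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("exists:"):
            matched = stunt_dns_resolves(expand(mech[len("exists:"):], sender))
        elif mech.startswith("ip4:"):
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(mech[4:])
        else:
            matched = mech == "all"
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched

def compare():
    """Return {(sender, ip): (result with exists, result without)}."""
    cases = [(s, ip) for s in ("alice@example.org", "nosuchuser@example.org")
             for ip in ("192.0.2.10", "203.0.113.5")]
    return {c: (check_host(WITH_EXISTS, c[1], c[0]),
                check_host(WITHOUT_EXISTS, c[1], c[0])) for c in cases}

if __name__ == "__main__":
    for (sender, ip), (with_rule, without_rule) in compare().items():
        print(f"{sender:26} {ip:13} with={with_rule:5} without={without_rule}")
```

With a policy that ends in `-all`, the two results differ only for a non-existent local part sent from an authorized address.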
