On Tue, May 10, 2005 at 02:21:25PM +0200, Julian Mehnle wrote:
spf-related:
It would be convenient for MUA's if there were a header item that said:
"I fully and completely trust the previous MTA."
If there were such a claim, (placed in or above Received), then MUA's
could know they could trust the authentication and other headers one-hop
backwards.
The problem with that is that the ability to make such an assertion ("full
and complete trust") is rarely useful in real life.
Received: by MUA
Received: from_trusted virusscanner.example.org
by spamassassin.example.org
[...]
Received: from_trusted mxhost.example.org
by virusscanner.example.org
[...]
Received: from spamhost.spamhouse.invalid
by mxhost.example.org
[...]
Received: from_trusted goodguy.example.net
[...]
Received-SPF: [... resulting in PASS]
X-Spam-Flag: no
[...]
The MUA need not have knowledge about the infrastructure yet it
does know it cannot trust "Received-SPF:"
This proposal could work. The trust chain stops as soon as a
"Received: from " (note last space) is seen. Ignore any information
after that line.
Alex