On Fri, 8 Jul 2005, Julian Mehnle wrote:
Stuart D. Gathman wrote:
An SPF pass is useful for whitelisting. You can already blacklist
a domain without regard to forgery, [...]
No, you can't. If I started sending out spam using
(_dot_)(_dot_)(_dot_)(_at_)debian(_dot_)org as the
envelope sender, would you blacklist debian.org?
What I meant is, you don't need to worry about whether it is forged
when you REJECT at SMTP time any mail claiming to be from
"whitehotspecials.com".
Of course, you need to worry about forgery when making the decision
to add a name to the blacklist. I am sorry I wasn't clear.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.