In <42E169B8(_dot_)3095(_at_)xyzzy(_dot_)claranet(_dot_)de> Frank Ellermann
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> writes:
Daniel Taylor wrote:
the PRA algorithm was not discussed in quite the depth here
It's pretty simple, scan the header for Resent-Sender, then
Resent-From, then Sender, then From (each step top down), and
take the first match. If that has more than one address it's
a syntax problem (=> no PRA), otherwise it's the PRA.
In the spf-discuss(_at_)v2(_dot_)listbox case you get the Sender as PRA.
I don't think the PRA is really that simple and I think that Frank's
description is wrong.
The PRA is taken from the From: header. If there is more than one
email address listed on the From: header, choose the first one.
Unless there is a Sender: header, in which case you use that
instead of the From:. Unless there is a Resent-From: header, in which
case you use that. Unless there is a Resent-Sender: header, in which
case you use that. Unless there is a trace header between the
Resent-From: and the Resent-Sender: headers, in which case you use
the Resent-From: header. In all cases, you ignore all but the
topmost Resent-From: and Resent-Sender: headers. If there aren't any
From:, Sender:, or Resent-* headers, or if there is more than one
From: or Sender: header, or if these headers do not contain actual
email addresses, then I'm not exactly sure what happens, but it is
defined.
2. If so, then what is the advantage over mfrom/helo checks?
MS wants to display the PRA in MUAs, and they don't trust that
the Return-Path is available - of course it can be also empty.
But MS is not displaying the PRA in the MUA, or at least the hotmail
folks aren't. This actually helps the phishers. *sigh*
The PRA is better than the mfrom *IF* the checking isn't being done at
the border MTA where all information is available *AND* if there
wasn't, contrary to RFCs, a Return-Path: header included *AND* if you
can correctly parse the Received: headers and correctly derive the IP
address of the border MTA *AND* the PRA returns an email address.
-wayne
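The header scan the thread argues about, written out as runnable code. This is an added example, not code from the spf-discuss list, from Frank, from Wayne, or from Microsoft's Sender ID implementation. It follows Frank's scan order (Resent-Sender, then Resent-From, then Sender, then From, topmost occurrence of each), Wayne's rule that a trace header (Received: or Return-Path:) between the topmost Resent-From: and Resent-Sender: makes Resent-From: win, and Frank's rule that a selected header carrying more than one mailbox is a syntax problem with no PRA; where Frank and Wayne differ (a multi-address From:), it takes Frank's "no PRA" reading, which is an assumption of this example. The sample messages, addresses and domains below are constructed for the example and are not real list traffic.

```python
"""Purported Responsible Address (PRA) selection as described in the thread.

Added example, not code from the spf-discuss list or from Microsoft.
Scan order per Frank (Resent-Sender, Resent-From, Sender, From; topmost
occurrence of each); Wayne's trace-header rule for Resent-From vs
Resent-Sender; Frank's "more than one mailbox => no PRA" rule.  The
multi-address From: case follows Frank's reading (assumption).
Sample messages below are constructed with example.* addresses.
"""
import email
from email.utils import getaddresses
from typing import List, Optional, Tuple

# Headers that count as trace headers for the Resent-From / Resent-Sender rule.
TRACE_HEADERS = {"received", "return-path"}


def _headers(raw: bytes) -> List[Tuple[str, str]]:
    """(lower-cased name, value) pairs in on-the-wire order, top down."""
    msg = email.message_from_bytes(raw)  # compat32 policy: plain str values
    return [(name.lower(), value) for name, value in msg.items()]


def _mailboxes(value: str) -> List[str]:
    """addr-specs found in a header value; empty addr-specs are dropped."""
    return [addr for _, addr in getaddresses([value]) if addr]


def select_pra(raw: bytes) -> Optional[Tuple[str, str]]:
    """Return (header name, mailbox) for the PRA, or None if there is none."""
    hdrs = _headers(raw)

    def first(name: str) -> Optional[int]:
        return next((i for i, (n, v) in enumerate(hdrs)
                     if n == name and v.strip()), None)

    def all_nonempty(name: str) -> List[int]:
        return [i for i, (n, v) in enumerate(hdrs) if n == name and v.strip()]

    chosen: Optional[int] = None

    # 1. Topmost Resent-Sender, unless the topmost Resent-From sits above it
    #    with a trace header in between (Wayne's rule: Resent-From wins then).
    rs, rf = first("resent-sender"), first("resent-from")
    if rs is not None:
        trace_between = (rf is not None and rf < rs and
                         any(n in TRACE_HEADERS for n, _ in hdrs[rf + 1:rs]))
        if not trace_between:
            chosen = rs
    # 2. Otherwise the topmost Resent-From.
    if chosen is None and rf is not None:
        chosen = rf
    # 3. Otherwise Sender; more than one Sender header is a syntax problem.
    if chosen is None:
        senders = all_nonempty("sender")
        if len(senders) > 1:
            return None
        if senders:
            chosen = senders[0]
    # 4. Otherwise From; exactly one From header is required.
    if chosen is None:
        froms = all_nonempty("from")
        if len(froms) != 1:
            return None
        chosen = froms[0]
    # 5. The selected header must carry exactly one mailbox (Frank's rule).
    name, value = hdrs[chosen]
    boxes = _mailboxes(value)
    if len(boxes) != 1:
        return None
    return name, boxes[0]


def _msg(*header_lines: str) -> bytes:
    """Build a constructed test message from header lines plus a dummy body."""
    return ("\r\n".join(header_lines) + "\r\n\r\nbody\r\n").encode()


# Constructed samples (example.* domains), not real list traffic.
MSG_LIST = _msg(                      # the mailing-list case: Sender is the PRA
    "Received: from mx.example.org by lists.example.net",
    "From: Frank <frank@example.org>",
    "Sender: owner-list@example.net",
    "Subject: PRA")
MSG_RESENT_TRACE = _msg(              # trace header between Resent-From/Sender
    "Received: from relay.example.net by mx.example.com",
    "Resent-From: alice@example.org",
    "Received: from mail.example.org by relay.example.net",
    "Resent-Sender: bob@example.com",
    "From: carol@example.org")
MSG_RESENT_ADJACENT = _msg(           # no trace header in between
    "Received: from relay.example.net by mx.example.com",
    "Resent-From: alice@example.org",
    "Resent-Sender: bob@example.com",
    "From: carol@example.org")
MSG_FROM_ONLY = _msg("From: Alice <alice@example.org>")
MSG_TWO_FROM = _msg("From: Alice <alice@example.org>, Bob <bob@example.org>")
MSG_TWO_SENDER = _msg("From: alice@example.org",
                      "Sender: a@example.org", "Sender: b@example.org")

if __name__ == "__main__":
    for label, m in [("list", MSG_LIST), ("resent+trace", MSG_RESENT_TRACE),
                     ("resent", MSG_RESENT_ADJACENT), ("from", MSG_FROM_ONLY),
                     ("two-from", MSG_TWO_FROM), ("two-sender", MSG_TWO_SENDER)]:
        print(f"{label:13s} -> {select_pra(m)}")
```

The "two-from" sample is exactly the case where Frank's and Wayne's descriptions diverge: Frank's reading yields no PRA, Wayne's would take the first mailbox; switch the `len(boxes) != 1` check to `not boxes` to get Wayne's behaviour. Note that none of this tells you which IP to check the PRA's domain against; as Wayne says, that still has to be derived from the Received: headers when the check does not run on the border MTA.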