Dennis Willson wrote:
Isn't using SPF on the "From" address an acceptable use of
SPF?
It's NOT RECOMMENDED in the spec., because it won't work in
many cases. E.g. this reply should have From: nobody(_at_)xyzzy,
and you'd get a FAIL if you test it, because my sender policy
doesn't cover the IPs of this mailing list.
If you take the Return-Path (v2.listbox) you'd get a PASS.
Sender-ID would pick the Sender instead of the From, that
happens to be the same as the Return-Path for this mailing
list, and therefore it should also work.
The serious trouble starts if From, Sender, and Return-Path
are all different. Or if From and Return-Path are different,
and there is no Sender. If you then pick whatever you like
and test it against v=spf1 you'd get wrong results. Often
it will _apparently_ work - you'd catch that PayPal phish -
but not generally, you'd delete legit mails together with
the phishing crap => NOT RECOMMENDED.
Bye, Frank