spf-discuss

RE: possibilities for 2822 (was SPF implementations)

2005-08-17 22:42:36
-----Original Message-----
From: Seth Goodman [mailto:sethg(_at_)GoodmanAssociates(_dot_)com]
Sent: Thursday, August 18, 2005 12:04 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] possibilities for 2822 (was SPF implementations)


From: Scott Kitterman [mailto:spf2(_at_)kitterman(_dot_)com]
Sent: Wednesday, August 17, 2005 10:38 PM


Now what I was trying to suggest was something much simpler than many of
these options.

Give domain owners who do not want their 2822-From: (or 2822-Sender:
perhaps) used with someone else's 2821-Mail From:.

Domains that want to impose this restriction add from=yes to their SPF
record.

Any domain that opts in to this gives up the ability to participate in
mailing lists.  That is a heavy price to pay.  If you make it From: _or_
Sender:, when it exists, you still get what you want while allowing those
domains to post to mailing lists.

I agree (it was on purpose).  Maybe we have some options (now it gets more
complex unfortunately).

Maybe instead of just from=yes, there is also an option for from=sender if
you want to open it up a bit.  I wasn't particularly looking for a modifier
that would be of much use for typical sending domains.  What I was looking
for was a modifier that would give commonly phished domains a way to close
down tight.  I expect that this sort of modifier would have value for only a
few senders, but for virtually all receivers.

My goal is to extend the current Mail From protection provided by SPF to a
limited protection for high value Froms.  This rudimentary anti-phishing
tool would increase the incentive for receivers to check SPF.  It would be
simple enough with from=sender to include sender also if one wanted to.
This would make it more generally useful for senders.

Scott K
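
Added example (not part of the original message, and not part of any SPF specification): one way a receiver could evaluate the from=yes / from=sender modifier proposed in this thread. It assumes the modifier is read from the SPF record of the 2822-From: domain, that the 2821 Mail From has already passed ordinary SPF, and that from=sender means "check Sender: when it exists, otherwise From:"; the records, domains and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed SPF TXT records. "from=" is the modifier proposed in the thread.
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all from=yes",
    "member.example": "v=spf1 mx -all from=sender",
    "plain.example": "v=spf1 mx -all",
}

def from_policy(record):
    """Return the value of the proposed from= modifier, or None if absent."""
    for term in (record or "").split()[1:]:      # skip the "v=spf1" version term
        name, sep, value = term.partition("=")
        if sep and name.lower() == "from":
            return value.lower()
    return None

def domain_of(address):
    """Lower-cased domain part of a header or envelope address ('' if none)."""
    return parseaddr(address or "")[1].rpartition("@")[2].lower()

def check_from_alignment(mail_from, raw_message, records=SPF_RECORDS):
    """Return 'pass', 'fail' or 'none' (domain did not opt in)."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    policy = from_policy(records.get(from_domain))
    if policy not in ("yes", "sender"):
        return "none"
    checked = from_domain
    # Assumed reading of from=sender: Sender:, when it exists, replaces From:.
    if policy == "sender" and msg["Sender"]:
        checked = domain_of(msg["Sender"])
    return "pass" if checked == domain_of(mail_from) else "fail"

def build(from_addr, sender=None):
    """Construct a minimal sample message (constructed test input)."""
    headers = [f"From: {from_addr}"]
    if sender:
        headers.append(f"Sender: {sender}")
    return "\n".join(headers) + "\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    list_env = "bounces@lists.example"
    # from=yes domain posting through a list: rejected, the "heavy price".
    print(check_from_alignment(list_env, build("a@bank.example", "owner@lists.example")))
    # from=sender domain posting through the same list: accepted.
    print(check_from_alignment(list_env, build("b@member.example", "owner@lists.example")))
```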