-----Original Message-----
From: Seth Goodman [mailto:sethg(_at_)GoodmanAssociates(_dot_)com]
Sent: Thursday, August 18, 2005 12:04 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] possibilities for 2822 (was SPF
implementations)
From: Scott Kitterman [mailto:spf2(_at_)kitterman(_dot_)com]
Sent: Wednesday, August 17, 2005 10:38 PM
Now what I was trying to suggest was something much simpler than many of
these options.
Give domain owners who do not want their 2822-From: (or 2822-Sender:
perhaps) used with someone else's 2821-Mail From:.
Domains that want to impose this restriction add from=yes to their SPF
record.
Any domain that opts in to this gives up the ability to participate in
mailing lists. That is a heavy price to pay. If you make it From: _or_
Sender:, when it exists, you still get what you want while allowing those
domains to post to mailing lists.
I agree (it was on purpose). Maybe we have some options (now it gets more
complex unfortunately).
Maybe instead of just from=yes, there is also an option for from=sender if
you want to open it up a bit. I wasn't particularly looking for a modifier
that would be of much use for typical sending domains. What I was looking
for was a modifier that would give commonly phished domains a way to close
down tight. I expect that this sort of modifier would have value for only a
few senders, but for virtually all receivers.
My goal is to extend the current Mail From protection provided by SPF to a
limited protection for high value Froms. Thus rudimentary anti-phishing
tool would increase the incentive for receivers to check SPF. It would be
simple enough with from=sender to include sender also if one wanted to.
This would make it more generally useful for senders.
Scott K