In <430BDB7B(_dot_)3010501(_at_)kitterman(_dot_)com> Scott Kitterman
<spf2(_at_)kitterman(_dot_)com> writes:
wayne wrote:
In <430A7158(_dot_)6D76(_at_)xyzzy(_dot_)claranet(_dot_)de> Frank Ellermann
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> writes:
Doesn't work, there are cases where you get an erroneous PASS
for PRA-on-spf1.
Uh, can you give an example where using the PRA on SPF records will
give an "erroneous PASS"? By "erroneous", I mean case where a domain
the domain owner determined by the PRA algorigthm is given a PASS when
it would not have PASSes if it was found in the return-path.
I can see cases where the PRA will give a pass when the domain owner
in the From: wouldn't want it to. (e.g. a phisher adding their own
domain to a resent-sender: header.)
From the POV of the record publisher your example IS an erroneous PASS.
I don't see that. The phisher published the record, they *wanted* the
PASS, and the got it.
Neither SPF nor SenderID protect the From: header.
-wayne