
Re: [spf-discuss] The problems with SPF

2005-08-26 17:33:01


Dick St.Peters wrote:
> Julian Mehnle writes:
>
> > I predict that forwarding without sender rewriting will die and SPF (or
> > an equivalent technology) will succeed, because, overall, authenticity of
> > sender addresses simply is much more important to users than forwarding
> > without sender rewriting, which can (from users' perspective) be easily
> > substituted by forwarding _with_ sender rewriting.
>
> Speaking as a commercial forwarder who has *already* substituted
> forwarding with envelope sender rewriting, I think what's important to
> users is not who the envelope sender is but whom the mail is really
> from.
>
> Users care so little about who sent their mail that most MUAs don't
> even bother to display the envelope sender.  They do display a "From:"
> header address, and it's the authenticity of that address that
> matters, not how the mail got to the user.

Question:
Do you set the "reply to" to the old "mail from" address if the "reply to" isn't already specified? This looks like a nice neat solution to one of SPF's problems. It also looks simpler to implement than SRS (at least to me). Also, what do you rewrite the from address to be? Is it the To address that originally came in? That would make it so the user could tell that it came from their forwarder. And do you add a header that indicates the original "mail from" address? This would allow a knowledgeable user to look at the headers and determine a lot about the origin of the eMail. Also, I assume that you check SPF before accepting the eMail to forward.

The fact that a sender can send an eMail and get an SPF pass and the user sees a spoofed eMail address (because the spoofed eMail address was specified in the Data in the From header and that's all most email clients display) still bothers me and looks like a hole in the system. IMHO


Dennis
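
Added example, not part of the original message or of any SPF implementation: a receiver-side check for the case raised above, where SPF passes for the envelope sender while the "From:" header shows a different domain. It assumes the receiving MTA has recorded the envelope sender in `Return-Path` and its SPF verdict in `Received-SPF`; the function names, verdict strings and sample addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lowercased domain of the address in a header value, '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify(raw_message):
    """Compare the SPF-checked envelope domain with the displayed From: domain."""
    msg = message_from_string(raw_message)
    # Assumption: Return-Path and Received-SPF were written by the receiving
    # MTA. Copies of these headers supplied by the sender must not be trusted.
    tokens = msg.get("Received-SPF", "none").split()
    spf = tokens[0].lower() if tokens else "none"
    envelope = domain_of(msg.get("Return-Path"))
    shown = domain_of(msg.get("From"))
    if spf != "pass":
        return "spf-" + spf
    if envelope and envelope == shown:
        return "pass-from-matches-envelope"
    # SPF vouched only for the envelope domain; the address the MUA displays
    # belongs to a different domain that SPF never evaluated.
    return "pass-from-differs"

def build(return_path, spf, from_header):
    """Constructed sample message; every address here is made up."""
    return "\n".join([
        "Return-Path: " + return_path,
        "Received-SPF: " + spf,
        "From: " + from_header,
        "To: user@forwarder.example",
        "Subject: constructed sample",
        "",
        "body",
    ])

SPOOFED = build("<bounce@bulk-sender.example>", "pass (constructed)",
                '"Your Bank" <security@bank.example>')
GENUINE = build("<alice@example.org>", "pass (constructed)",
                "Alice <alice@example.org>")
FAILED = build("<bob@example.net>", "fail (constructed)",
               "Bob <bob@example.net>")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE), ("failed", FAILED)]:
        print(name, "->", classify(raw))
```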
