Hi !!
- Receivers doing SPF checks, if that header is present, should
interpret it this way:
You are totally missing the point of checking SPF.
The message can be rejected before it is received.
>
> Nothing in the DATA part will help, there will not be a DATA part.
then you obviously cannot check any header, if you have read carefully
what i say (maybe i should explain it better) this is only for spf
results neutral and softfail, where spf does not allow to bounce before
DATA. If you reject the message then this not aplies, if spf result is
pass there is also no forwarding problem and then this also does not
apply. For softfail and neutral you don't know if the message has been
forwarded or it's just a forgery. What i try to do here (at DATA phase)
is distinguish between forwarded and forged messages.
As is said before: "forwarding" is a receiver problem. The message
is received (by the forwarding party) and is resent. The forwarder
and the next recipient will have to make sure SPF isn't checked at
that point.
you still don't know if the message has been forwarded or not, that's
why almost verybody publish softfail or neutral default results instead
of fail.
The problem: forwarders abuse other people's names.
forwarders just do forwarding, they do not abuse anything.
The solution: stop forging messages, with or without good intent. SRS is
one of the possible solutions
yes, but you have to wait until 100% people use forwarding (i think
you will pass many years before this happens), in the meantime SPF is
not too much effective.
A workaround: don't verify SPF when you receive a message from this forwarder
yes, still, how do you know if the message comes from a forwarder or is
just a forgery ? in other words, this opens a big door for forgeries.
--
Best regards ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david(_at_)ols(_dot_)es
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com