From: Simon Tyler [mailto:simont(_at_)gordano(_dot_)com]
Sent: vrijdag 23 september 2005 10:52
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] SPF and gateways
The fundamental assumption here is that the AV gateway is AV only
and is not SPF\SRS aware in anyway. Hence the first point
we are able to check SPF is after the AV gateway.
SPF checking really should be done before AV checks, because an AV check
requires you to include the DATA phase; and SPF really works best when it
can REJECT during the SMTP dialogue of the connecting client. Doing an AV
check first means you first have to accept the message (if not REJECTED
for AV reasons, of course); and after you have accepted the message, with
the 250 reply code, you can no longer REJECT it.
So, indeed, as JohnP indicated, I would go the 'change-the-mx' route
and have SPF done by a front-end SPF checker.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com