Simon Tyler wrote:
one assumes that the user trusts their AV gateway to add the
correct header and that the mail is sent straight from the AV
gateway to the user through only trusted machines.
Yes, but you have to be ready for the AV part to add or remove
hops on their side without informing you. So what might be
three timestamp lines (Received headers) today could be more
or less tomorrow.
SpamCop has the same problem, it uses an MX heuristics. For
your case that's "find last 'by xxx' where xxx is an MX of my
customer" (= the AV server), and in that timestamp the 'from'
etc. is what you need. Pray that they at least stick to a
consistent way to report the IP in this line, and better don't
try to emulate SPF HELO with this method...
...actually you could as well give up on SPF checking in this
scenario, I seriously doubt that you'd catch much spam with
it. SPF is more interesting at the front before DATA and the
more expensive checks.
You also get some critical races with a delayed SPF-emulation:
It's not worth it, whitelist the AV-server and forget SPF for
this customer.
Bye, Frank
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com