On Wed, 12 Oct 2005, Frank Ellermann wrote:
Two ideas were proposed:
- add the concept of a "default Sender := MAIL FROM identity"
for mail without any Resent-From, Resent-Sender, or Sender.
In other words fix PRA at the side of the receiver instead
of hoping that the whole world fixes their software at the
side of the sender (MUA or MSA).
But that idea was "rejected" (= almost nobody in MARID agreed
with it), so we're stuck with PRA as it is, i.e. different
spf2.0/pra vs. spf2.0/mfrom scopes.
That is now an option in Python milter (milter-0.8.3). I have been
using it, and a huge benefit is that many email clients display
Sender and From by default, and since MAIL FROM is verified via
spf1 (i.e. rejected if not reasonable according to local policy),
users see a verified identity.
Sets of IPs always mean "works best at the border". If you
want something that works everywhere you need signatures. Bye
Hear! Hear! This needs to be emphasized for those checking SPF.
The most common mistake made when checking SPF is checking it
somewhere other than the border.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com