spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Re: Successes and failures of the SPF project in 2005

2006-01-12 09:54:13
In 
<17350(_dot_)25420(_dot_)910833(_dot_)357272(_at_)saint(_dot_)heaven(_dot_)net> 
"Dick St.Peters" <stpeters(_at_)NetHeaven(_dot_)com> writes:

This sub-thread has become about what SenderID calls a scope.  Quoting
from draft-lyon-senderid-core-01.txt:

    3.1 Version and Scope
       [...]
       This document only defines the existence of two scopes: "mfrom" and
       "pra".  The details of these two scopes are defined in other
       documents: "mfrom" is defined in [SPF], "pra" is defined in [PRA].

I read that as saying the SenderID scope refers to the identity being
checked.  Wayne says, in effect, that it refers to the entire process
defined in [SPF]. including the switch to a different identity.

Again, the "MAIL FROM Identity", as defined in SPF, is not now, and
has never ever been, just the value found on the SMTP MAIL FROM
command.  You must do things like remove source routes from the email
address, and if the email address is null, you must create an address
based off of a "postmaster" local-part and the HELO domain.  There is
no "switching identities" involved.

I have seen no evidence that SenderID ever, at any time, considered
the "mfrom" scope to be just the SMTP MAIL FROM value.


This has become operationally less important since the zone cuts were
removed, but [...]

Note that SenderID still requires zone cuts.

removed, but I still regard it as ludicrous to think that a single
policy applies to both MAIL-FROM identities and HELO identities.  My
servers send mail for hundreds of domains, but the servers themselves
are in a domain never used legitimately in a MAIL-FROM.

Falling back to the HELO domain when the MAIL FROM is null was in the
very first SPF draft and was inherited from DMP.  Lots of people have
looked at this very closely and, as GregC points out, in practice
there aren't really any problems.


-wayne

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

<Prev in Thread] Current Thread [Next in Thread>