Craig Whitmore wrote:
SPF-Record-Classic: v=spf1 ip4:219.88.242.0/27 -all
SPF-Record-MFROM Scope: v=spf1 ip4:219.88.242.0/27 -all
[...]
SPF-Method Result: pass(spam.co.nz:
[...]
SenderID-MFROM-Method Result: pass(spam.co.nz:
[...]
As I only put a spf2.0/pra it should NOT check for the
SenderID MFROM at all. Am I correct?
For a test server what they do is IMO acceptable. In practice
it's of course unnecessary to test the same v=spf1 twice with
the 'mail from' identity. Apparently they forgot to test HELO
or didn't tell you what the result was.
If you publish an explicit spf2-0/mfrom in addition to v=spf1
and they still use only the latter twice it would be wrong.
| Most senders use the same domains in both and therefore
| should publish SPF-Records in version 1 format only.
Hopefully this abuse will be submitted to the IAB in an appeal
within the next 80 hours. The fix recommended by the IESG (add
two dummy 'spf2.0/pra ?all' records) just reiterates what the
spf2.0 spec. incorrectly recommends, the real fix is to remove
four letters in conflict with v=spf1 from the spf2.0 spec.
Bye, Frank
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com