The holder of domain.tld must publish an SPF TXT record in DNS for
their zone file for domain.tld to specify which machines are allowed
to send SMTP messages. The receiving SMTP machine must check where
the incoming connection is and compare it to the list the domain
holder published.
Thus, if domain.tld has specified that only two machines
192.168.12.44 and 192.168.44.33 can send mail via SMTP on its behalf,
if the mail is coming from 192.168.55.11, the mail may or may not be
authorized. If the publisher specifies an SPF -A option in their DNS
TXT record, they mean, absolutely do not accept mail from other than
the two machines authorized because it is not a machine the publisher
expects to send mail on behalf of domain.tld.
That is the simplest look at an operating SPF scenario I can come up with.
If you are just exploring SPF, you might want to be aware of some
issues with things like forwarder services and such, but if it works
for your environment, SPF is very useful to prevent domain forgery in
email where the receiving SMTP server supports it.
Best,
WebMaster(_at_)Commerco(_dot_)Net
At 03:25 PM 2/16/2006, you wrote:
Hello.
If SPF only checks the envelope from address, how does it prevent
forgery?
i.e. how does it prevent a user getting an email From:
person(_at_)bank(_dot_)com?
WW
--
Wally Winchester
wally_winchester(_at_)fastmail(_dot_)fm
--
http://www.fastmail.fm - One of many happy users:
http://www.fastmail.fm/docs/quotes.html
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
-------