On Fri, 2006-02-17 at 15:01 +1300, Craig Whitmore wrote:
CBV is
"
MAIL FROM: <>
RCPT TO: isthis(_dot_)emailaddres(_at_)real
QUIT
"
I would only call that a CBV if "isthis(_dot_)emailaddress(_at_)real" appeared
as
an argument to a MAIL FROM: that you received, since that test only
tests whether that's an address that could possibly receive bounces, not
whether that's an address that could possibly receive normal emails.
If you reject the RCPT TO: when the MAIL FROM is <> with BATV
then CBV would break
You seem to be using the term CBV to describe testing a
normal-email-address with MAIL FROM of "<>".
While IMHO that's a misuse of the term, more importantly it's a problem
because you can't reliably test normal email addresses (as opposed to
potential bounce addresses) with a MAIL FROM of "<>".
At best, you can try testing them with VRFY, (which is mostly disabled
nowadays), or you can "begin" to send a test email using a non-null,
valid, and unforged MAIL FROM:<> address (1) and use a RCPT TO: argument
of what you want to "test".
But a machine running SES or BATV should IMHO reject bounce tests ("MAIL
FROM:<>") with a RCPT TO: being an unencoded recipient address.
(This is reminiscent of SenderID using v=spf1 records (intended for spf1
mailfrom and helo "scopes") in a PRA scope instead. While it may work a
lot of the time it's still guaranteed to render incorrect answers in a
number of cases.)
(1) And of course be prepared for a CBV to come back again
to you with that MAIL FROM. (!)
--
Mark Shewmaker
mark(_at_)primefactor(_dot_)com
770-933-3250
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com