spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Re: Fw: SRS vs BATV

2006-02-17 00:40:00
Frank Ellermann <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> writes:

David Mazieres (no direct replies) wrote:

I brought this up on the MARID mailing list as a potential
problem with Sender-ID.  The responses seemed pretty
unanimous that the PRA does *not* have to be a legitimate
address and that this is fine. "local(_at_)com" is a perfectly
legitimate PRA, at least for Sender-ID.

Oops, that's odd...

...BUT that's not the same as saying that the Sender can be
an address that doesn't exist at all.  It's just something
that you shouldn't use normally, even not for errors.  But
where do you get that it might be completely unusable ?

I get it from the thread that starts here:

http://www.imc.org/ietf-mxcomp/mail-archive/msg03875.html

...
With a PRA PASS from an unknown spammer there's nothing you
can do with it, a PRA PASS without white list is completely
useless.  And it's simple to play games with Resent-Sender
to get a PRA PASS "from" say PayPal.  Until most MUAs are
updated to support PRA.  Damned crazy FUSSP :-(  Bye, Frank

Yeah, but if you update MUAs to display the Resent-Sender PRA or
whatever, why not update them just to pull the envelope sender out of
the Received-SPF header?

David

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

<Prev in Thread] Current Thread [Next in Thread>