spf-discuss

Re: [spf-discuss] Sender ID when From=Mail From

2006-05-09 23:20:44

On Tue, 9 May 2006, Scott Kitterman wrote:

> Just to double check my understanding...
>
> When From and Mail From are the same, there should be no issue associated
> with Sender ID libraries checking based on a v=SPF1 record, right?

PRA is more than just the From header field, so the answer is no.

Now when algorithm does give same answer, then yes, there should
be "no issue".

In practical terms (forgetting about Resent fields which SID is
not using correctly anyway) you can just say that if Sender is
same as MAIL FROM there is no issue.

---

BTW, for those implementing this, I'll stand by the recommendation
I made a while ago (which Frank and a few others do not like) - if you
do want to check header fields per SID, do it as follows:

 1. Check existence of Return-Path at the top of the message
 2. Extract Sender field from the message (if no Sender then
    it's From: field as per RFC2822 of what Sender field is).
 3. If address/domains from #1 and #2 are the same, do SPF check
    on that domain and use results as prescribed per SPF spec
 4. If addresses from #1 & #2 are not the same:
     a. if there is Return-Path do normal SPF check on that
     b. Do SPF query for address from #2, if the result is
        anything other than "pass" - ignore it. If it is pass,
        then use in same way you would use SPF check pass
        (if the results of checking Return-Path and Sender are
         that one fails and one passes - you're on your own...)

The core of the above (which some on this list rightfully object to)
is making an assumption that it's OK to use positive results of
checking v=spf1 records with Sender field domain (ignoring if fail
or softfail).

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
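
The four-step procedure in the message above, sketched as an added example (not code from the post or from any SPF/Sender ID library). The `spf_check` callable, the fake SPF table, the sample message and the "conflict" verdict for the case the message leaves open are all assumptions of this example.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or None."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def evaluate(raw_message, client_ip, spf_check):
    """spf_check(ip, domain) -> SPF result string; a hypothetical callable
    that a real deployment would back with an SPF library."""
    msg = message_from_string(raw_message)
    rp = domain_of(msg.get("Return-Path"))                   # step 1
    snd = domain_of(msg.get("Sender") or msg.get("From"))    # step 2
    if rp and rp == snd:                                     # step 3
        res = spf_check(client_ip, rp)
        return {"return_path": res, "sender": None, "verdict": res}
    # step 4a: normal SPF check on Return-Path, if there is one
    rp_res = spf_check(client_ip, rp) if rp else None
    # step 4b: the Sender/From result counts only when it is "pass"
    snd_res = spf_check(client_ip, snd) if snd else None
    if snd_res != "pass":
        return {"return_path": rp_res, "sender": None,
                "verdict": rp_res or "none"}
    # The message leaves a pass/non-pass disagreement unresolved; this
    # example only flags it (an assumption of the example).
    verdict = "pass" if rp_res in (None, "pass") else "conflict"
    return {"return_path": rp_res, "sender": "pass", "verdict": verdict}

# Constructed sample data: a fake SPF table keyed by (ip, domain).
FAKE_SPF = {("192.0.2.1", "example.org"): "pass",
            ("192.0.2.1", "list.example.net"): "pass",
            ("192.0.2.9", "example.org"): "fail"}

def fake_spf(ip, domain):
    return FAKE_SPF.get((ip, domain), "none")

# Constructed message: Return-Path and From domains differ (step 4 path).
FORWARDED = ("Return-Path: <bounce@list.example.net>\n"
             "From: Alice <alice@example.org>\n"
             "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    print(evaluate(FORWARDED, "192.0.2.1", fake_spf))   # both pass
    print(evaluate(FORWARDED, "192.0.2.9", fake_spf))   # Sender fail ignored
```
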
