-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robin Rowe wrote:
Hi. Question from new spf user. The email header below has a return-path
to a spammer but a forged From of ebay.com. Why wasn't it REJECTED?
Because smtp03.ebay.com (the "From:" domain) has neither an SPFv1
("v=spf1") nor a Sender ID ("spf2.0") record, so that domain is NOT
protected, as opposed to the domain ebay.com, for example. However,
smtp03.ebay.com is not an existing domain, so the forgery should be
trivially detectable by any spam filter that isn't completely brain-dead.
Also, be aware that SPFv1 does not protect the "From:" domain. (Sender ID
and DKIM do.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFExST3wL7PKlBZWjsRArIyAJ42AzjM6+56lDMyPMHB7q2N3nvYcgCfU+IH
fLSKAJf8ptexUdj7dBiwXNI=
=0bPD
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com