-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frank Ellermann wrote:
Arguably a "secret spamtrap" is compromised if it publishs v=spf1 -all,
but actually it could obscure the -all (e.g. by adding some PASS IPs),
and if a "secret spamtrap" address is forged in a Return-Path it probably
is already compromised.
No part of the above is true. To be a good spam trap, a spam trap needs to
look just like any other e-mail address in every regard, with the sole
exception that it must NEVER be advertised as a recipient address (e.g. by
using it as the sender address in real e-mail sent).
"v=spf1 -all" may be an _indication_ for a spam trap address, though, but
nothing more.
This pretty much guarantees that any RFC compliant MTA will get
blacklisted.
Wrong.
2821-compliant MTAs send DSNs if at all to the originator. Ignore the
part about "as indicated by the Return-Path", that's obviously nonsense
today.
Unless it got an SPF PASS, or you're otherwise sure that the Return-Path
is okay, or you're sure that you don't need to send any unsolicited DSN
later.
Absolutely correct. Never ever send DSNs to unauthenticated return-paths.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE9cr4wL7PKlBZWjsRAs3UAKC7N+L0h0+6luBZUtGaGfiRXNmD9wCffqb7
s6c7MO0QrJyMgebcITH6F+E=
=+snW
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com