On Wednesday 20 September 2006 23:34, Frank Ellermann wrote:
Julian Mehnle wrote:
Reality check: Does "authorized and cross-user forgery
impossible" really imply "authenticated" ?
Not necessarily. What's "authentic" gets defined by a
respected authority. In the case of SPF, the domain owner
is the respected authority.
Okay, not the same as the operators of the "hardpass" MSAs.
It's the fault of the domain owner if his op=auth is bogus.
Yes. Maybe the guidance is the MSA operator publishes it in their SPF record
that their customers include:. Then it's the MSA operator making the
declaration.
If somebody will write the code to test it, I'll put it in my MSA records.
Scott K
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com