On Fri, Nov 03, 2006 at 08:42:02AM -0500, Jeff Macdonald wrote:
Return-Path: <localpart(_at_)mobileemail(_dot_)vodafone(_dot_)net>
...
Reply-To: username(_at_)example(_dot_)com
From: "John Doe" < username(_at_)example(_dot_)com>
So, are you sure your customer really mean SPF and not SenderID? Ask
him what he's trying to protect. His address or Vodafone's.
He sure wants to protect his address. If he would have tried to
protect vodafone's, he would have failed to do so and would have
been told so. This conversation would not have taken place.
His address is used as sender (RFC821) at his own network. Therefore,
"v=spf1 ip4:<his_number> -all" would be appropriate. This means his
address can be used as sender address from his own IP/network and not
from anywhere else.
However, microsoft thinks it knows better than this group. So,
microsoft is going to use that v=spf1 record and use it for its
own purposes.
Then the blackberry message comes in.
Microsoft lookst at "Reply-To: username(_at_)example(_dot_)com", uses the
SPF record (WHICH IS NOT A PRA RECORD), and matches the sending
host (vodafone) against the record. This results in FAIL.
This bogus FAIL is the reason "John Doe" cannot participate in
the SPF project; thanks to microsoft.
[rant deleted]
Alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735