spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Sender ID's PRA wouldn't be such a bad idea if... (was: MS Puts SID Patents Under OSP)

2006-11-03 07:15:24
from [Scott Kitterman] [Permanent Link] 
On Fri, 3 Nov 2006 08:42:02 -0500 Jeff Macdonald 
<jmacdonald(_at_)e-dialog(_dot_)com> 
wrote:

On Fri, Nov 03, 2006 at 07:08:30AM -0500, Scott Kitterman wrote:

On Friday 03 November 2006 05:33, Julian Mehnle wrote:

Scott Kitterman wrote:

Here is another v=spf1/PRA incompatibility scenario I ran across 

today

with one of my customers:

Return-Path: <localpart(_at_)mobileemail(_dot_)vodafone(_dot_)net>
...
Reply-To: username(_at_)example(_dot_)com
From: "John Doe" < username(_at_)example(_dot_)com>

Apparently Vodafone (in the UK) use their own return path for 

Blackberry

e-mails.  This would be no problem for SPF, but creates a case where 

the

PRA and Mail From records for example.com need to be different.


Not really.  They could easily add a "Sender: 

(_dot_)(_dot_)(_dot_)(_at_)mobileemail(_dot_)vodafone(_dot_)net"

header.  And I think they should.


The problem is that the 'They' that could do that is vodafone, not my 
customer.  Unless I can figure a way to do that with a Blackberry, I'm 

afraid 

I'm going to have to recommend that he not publish SPF records.


So, are you sure your customer really mean SPF and not SenderID? Ask
him what he's trying to protect. His address or Vodafone's.

I think there is much confusion over the two since both use a record
format called 'SPF'.


He wants to protect his address.  He sends through multiple sources 
(including controlledmail.com - I help my customers with SPF records much 
as I do on spf-help).  The vodafone case is problematic because they don't 
publish an SPF record to include.  There are ways to work around that.

The reason I brought it up here is that it's another clear case where 
evaluating a correct and complete v=spf1 record against PRA produces an 
incorrect result.  This is one that affects end user domains and not just 
ESPs and companies that hire them to send bulk mail.

WRT confusion, agreed.  Non-technical domain owners neither know nor care 
about the difference.  The reality is I have to come up with something that 
works for both SPF and SID or I do my customer a dis-service.

Scott K

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Sender ID's PRA wouldn't be such a bad idea if... (was: MS Puts SID Patents Under OSP), Alex van den Bogaerdt
Next by Date:  Re: [spf-discuss] Sender ID's PRA wouldn't be such a bad idea if... (was: MS Puts SID Patents Under OSP), Scott Kitterman
Previous by Thread:  [spf-discuss] Re: draft-otis-spf-dos-exploit, Frank Ellermann
Next by Thread:  [spf-discuss] Re: Sender ID's PRA wouldn't be such a bad idea if..., Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]