On Fri, 3 Nov 2006, Scott Kitterman wrote:
>> If they *don't* know, then they should do SRS - so that the next MTA
>> checks their own domain, not a possible DoS victim's.
>> So yes, checking SPF _for_a_given_domain_ more than once is braindead.
>
> Show me a scalable concept for a protocol to automatically avoid it and I'm
> all ears.

I just did: SRS

Attacker                        Forwarder
devil(_at_)evil(_dot_)com  ->   SRS0=xf43=evil(_dot_)com=devil(_at_)forwarder(_dot_)com  ->  recipient

Original sender SPF domain gets evaluated only once.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.