On Sat, Nov 11, 2006 at 10:16:32AM -0700, David MacQuigg wrote:
If the SPF
check is done before the body of the message is received, it ought to go
just below the Received: header.
Two intermediate hosts, one doing SPF verification the other not.
"
Received: by xyz from spammer for x
Authorized: spammer is an authorized sender for y
"
"
Received: by abc from spammer for x
Authorized: spammer is an authorized sender for y
"
Which relay added the (fictious) 'Authorized' header, and which relay
accepted the same header from the spammer?
Answer: you can't tell.
Now the reverse order, if the relay adds an 'Authorized' header,
it does so above 'Received':
"
Authorized: spammer is an authorized sender for y
Received: by xyz from spammer for x
"
"
Received: by abc from spammer for x
Authorized: spammer is an authorized sender for y
"
Same question.
Answer: the last example shows that this relay did not insert the
'Authorized' header, and the second last example shows that it did.
_If_ I trust both 'abc' and 'xyz' (for whatever reason), then there's
only one out of these four examples where I can use the 'Authorized' header.
It is the one where 'Authorized' appears above 'Received'.
Alex
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735