Stuart D. Gathman wrote:
But he is the *receiving* (RCPT TO) domain, not the sending domain.
I guess Ralf got that nuance. Thinking a bit longer about it, for a
simple forwarder it should be something like:
Received: from ... by forwarder.example with ... for name(_at_)example(_dot_)com
That's at the top of the DATA as seen by the next hop, and the by ...
might even match the EHLO ... of this forwarder. Digging through To:
and Cc: addresses is madness, we can dismiss that. If there's some
kind of relevant receiver policy it's at the "for" example.com
The RCPT TO at this time is some cheap(_at_)provider(_dot_)example mailbox
The forwarder can have more convoluted setups, e.g. MX and mailout as
separate hops:
Received: from mrn by mon.forwarder.example for
cheap(_at_)provider(_dot_)example
Received: from ... by mrn.forwarder.example for name(_at_)example(_dot_)com
Now the cheap provider has to see that the top timestamp line isn't
what it wants - no rocket science, the @provider.example is obvious,
it will again find the RPF of "for" example.com
But why on earth would it believe a single word of it ? This is most
likely some spammer claiming wild and wonderful things, nothing of it
related to the poor sender or the final receiver
cheap(_at_)provider(_dot_)example
Frank
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735