Stuart D. Gathman wrote on Tuesday, November 21, 2006 11:15 AM -0500:
I've heuristically identified some conditions which make me change
the MAIL FROM to <>:
I assume you mean "check RCPT TO: for a valid signed return-path
address".
1. MAIL FROM is postmaster(_at_)(_dot_)(_dot_)(_dot_)
2. From: header field is postmaster(_at_)(_dot_)(_dot_)(_dot_)
3. Content-type: header field has report-type=delivery-status
What is MAIL FROM: in these last two cases?
The problem with the last two, is that it is too late to reject
before DATA.
The problem with the first two that postmaster *should* be able to
send email. Sigh.
I see the problem. This does complicate rejecting bogus DSN's. To
the extent that you need to accept these malformed DSN's and you
still want to protect yourself from forged bounces, there is not
much choice. This still doesn't interfere with postmaster sending
you ordinary mail, and you still reject bogus DSN's that don't meet
one of the three criteria you listed. The last two are particularly
annoying. What MTA's do this?
--
Seth Goodman
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735