Seth Goodman wrote on Thursday, January 25, 2007 8:46 AM -0600:
If a mailing list does not use this rewriting scheme,
the crypto token in the original MAIL FROM automatically goes away.
If the mailing list does participate, then it creates its own
crypto token, with a new hash for the munged message body, when it
makes the new return-path.

I should clarify this. If a poster that uses SES sends a message to
a mailing list that doesn't use SES, the crypto token in the MAIL FROM
of the original post disappears. If a poster that uses SES sends a
message to a mailing list that does use SES, the crypto token in the
MAIL FROM of the original post is replaced by the new crypto token
when the list MTA creates a new MAIL FROM.

The case that can defeat this scheme is a forwarder munging a message
body but keeping the original return-path. The same behavior would
also defeat DKIM for exactly the same reason, so I think most people
would accept this.

--
Seth Goodman
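
The cases described in this message, worked through as an added example that is not part of the original post and is not the SES wire format. The `tok=<tag>=<local>@<domain>` layout, the HMAC-SHA256 construction, the keys and the `*.example` domains are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed per-domain secrets; each signing domain validates only its own tokens.
KEYS = {"poster.example": b"poster-secret", "list.example": b"list-secret"}

def _tag(addr: str, body: bytes, key: bytes) -> str:
    # The token binds the bare return address to a hash of the message body.
    msg = addr.encode() + b"\0" + hashlib.sha256(body).digest()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:20]

def sign(addr: str, body: bytes) -> str:
    """Build a signed MAIL FROM in the constructed form tok=<tag>=<local>@<domain>."""
    local, domain = addr.rsplit("@", 1)
    return f"tok={_tag(addr, body, KEYS[domain])}={local}@{domain}"

def check(mail_from: str, body: bytes) -> str:
    """Return 'valid', 'invalid' or 'unsigned' for a MAIL FROM and the body received."""
    local, domain = mail_from.rsplit("@", 1)
    parts = local.split("=", 2)
    if len(parts) != 3 or parts[0] != "tok" or domain not in KEYS:
        return "unsigned"
    addr = f"{parts[2]}@{domain}"
    ok = hmac.compare_digest(parts[1], _tag(addr, body, KEYS[domain]))
    return "valid" if ok else "invalid"

def scenarios() -> dict:
    body = b"Original post.\r\n"
    munged = body + b"-- \r\nlist footer\r\n"  # body altered in transit
    original = sign("alice@poster.example", body)
    return {
        "direct": check(original, body),
        # Non-SES list: new plain return-path, so the poster's token is gone.
        "non_ses_list": check("bounces@plainlist.example", munged),
        # SES list: new return-path with its own token over the munged body.
        "ses_list": check(sign("bounces@list.example", munged), munged),
        # Forwarder munges the body but keeps the original return-path.
        "munging_forwarder": check(original, munged),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:18} {result}")
```

Only the last case fails validation: the token still names the poster's domain but was computed over a body that no longer matches.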