spf-discuss
[Top] [All Lists]

[spf-discuss] Re: Received-SPF extensions

2007-02-24 19:11:10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stuart D. Gathman wrote:
On Sat, 24 Feb 2007, Scott Kitterman wrote:
From an RFC 4408 SPF perspective you do have two SPF results.  One for
Mail From and one for HELO, so I would think that two headers would be
appropriate.  Why are you against them?

That's what I thought at first.  But most of the HELO Received-SPF
header field is redundant, and having both is confusing for those humans
looking at the mail header.  I am not *against* having both, and maybe
I'll have an option to report HELO SPF results in a second Received-SPF
header.  But I dislike the redundancy for aesthetic reasons.

Also, when reputation code is processing Received-SPF headers from a
trusted relay/forwarder to find who to blame for the email, one-stop
shopping is cleaner.

The long term solution is a properly designed "Authentication-Results:" 
header that covers multiple authentication methods and results in a single 
instance.  I still have contacting the "A-R:" people on my SPF TODO list 
but haven't managed to do so yet. :-/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF4O+HwL7PKlBZWjsRAuc4AKCjSIUDhAr/DbLxeDOUpuk4W7XaiQCdGuj4
7imXPp1E1/EmgbTE+AZpBkc=
=P8E/
-----END PGP SIGNATURE-----

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735