spf-discuss
[Top] [All Lists]

[spf-discuss] Re: "pretend" MAIL FROM

2007-03-13 08:28:57
Stuart D. Gathman wrote:
 
 [before you]
check SPF for randomdomain.com, you check SPF as if the MAIL FROM was:
 
MAIL FROM: <postmaster(_at_)myforwarder(_dot_)com>
 
instead.

If that gets a pass, then you know the mail was forwarded (and SPF
checking on the actual MAIL FROM is useless).

I'd call that "white listing based on a HELO PASS" instead of some
"pretended MAIL FROM".  The latter is fine to explain the concept
of SPF checks in the case of an empty MAIL FROM.  But in your case
the MAIL FROM isn't empty.

If myforwarder.com doesn't actually have an SPF record, then some
SPF libraries (e.g. pyspf) will allow you to supply a substitute
that you figure out and maintain yourself.

Is that something like a "wannabe-white list" for forwarders, adding
a "best guess" policy "v=spf1 a ?all" (or similar) for their HELO ?

Frank


-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735