spf-discuss
[Top] [All Lists]

RE: [spf-discuss] Re: "pretend" MAIL FROM

2007-03-14 06:22:36
Scott Kitterman wrote on Wednesday, March 14, 2007 7:02 AM -0600:

On Wednesday 14 March 2007 04:51, Seth Goodman wrote:

The reason you have to apply the list of your users' trusted
forwarders is because the zone cut method for finding the parent
domain of an HELO FQDN is deprecated.

It's actually stronger than that IMO.  No such thing exists in SPF. 
If you are doing zone cuts to find parent domains, you are not
doing SPF.

That's correct.  Zone cuts are no longer part of SPF, though they
were in earlier drafts.  The objection to this was the load on DNS.
If you restrict the search to a local resolver, or any other local
store, that's no longer a problem, but I didn't mean to imply that
this was SPF.

Actually, any kind of guess is contrary to SPF, since the recipient
provides the record, not the sender.  Doing zone cuts, whether to
find an SPF record published by the sender for a parent domain, or
a local record provided by the recipient, are not SPF because the
recipient is guessing the sender's intent.  We're just talking
about different variations of a best guess that might handle
forwards in the absence of SRS, and in the absence of SPF records
for the forwarder's HELO FQDN's.

-- 
Seth Goodman

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735