On Wed, 4 Apr 2007, Michael Deutschmann wrote:
You've missed the most important step:
6a - the MX looks up a "v=tenbox1 ..." TXT record for fwd.example (or
whatever the domain part of the TENBOX token was), and does something
very similar to SPF with it. If the result isn't PASS, then the MX has
detected a "meta-forgery" and should probably just 5xx the message.
That part seems superfluous to me. Why not just use the real
SPF record for the 'fwd.example' domain? I already do that without
the benefit of the proposed AUTH by just trying each forwarder in a
list in turn. That is obviously very inefficient, and the AUTH
protocol would reduce that to trying just one forwarder. So
+1 for AUTH=originaluser(_at_)originaldest(_dot_)domain
and
-1 for special new SPF like record type
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735