On Tue, May 01, 2007 at 02:10:42PM +0000, Julian Mehnle wrote:
http://www.openspf.org/Best_Practices/Webgenerated
This page in no way encourages sender address forgery. Please learn about
the meaning of the "From", "Sender", and "Reply-To" headers. It then
should become clear that what said page recommends does not constitute
sender address forgery.
Indeed. See the last line: "the least you can do is to keep the bounces
from actually going to <president(_at_)whitehouse(_dot_)gov>."
However, this is precisely what Dan is doing wrong IMHO.
(side note: I use "user(_at_)example(_dot_)com" instead of
"president(_at_)whitehouse(_dot_)gov").
Original situation: Dan had a service, and he expected
"user(_at_)example(_dot_)com"
to deal with bounces that occured because of Dan's service.
Next: SPF got in the way. Example.com didn't want Dan to use user's
email address. This is why example.com published a policy. Now Dan is
no longer able to send his ecards.
Next: Dan modified his service, and Dan's site now uses Dan's email domain
to send his ecards.
---> so far so good <---
Next: Dan is collecting bounces, and sends them to user(_at_)example(_dot_)com
just
like in the original situation.
In other words: No problem is "solved" (see subject). All Dan has done
is to work around SPF, and while doing so he goes directly against the
spirit of SPF.
Does this sounds harsh Dan? That is because either
a) you still don't understand the problem.
or
b) you don't care.
I just hope it is (a), because in that case a dialog is possible.
And here's another thing: you might not be fully aware of the dangers to
your (certainly well intentioned) service (and it applies to thousands of
similar services, too!):
Hear hear.
Dan, please don't shoot the messenger. I may bring bad news to you, but it
is because of what you (and others) are doing that SPF exists in the first
place.
SPF is not about spam. SPF is about forgery.
Alex
-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com