-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Woodhouse wrote:
On Sat, 2008-01-05 at 09:47 -0700, Edmig wrote:
But it does have to correlate with the IP address used by the sending
host. Which raises the question again - why not just use the HELO
name to authenticate an incoming IP address?
No reason. See http://mipassoc.org/csv/
Works just as well as SPF, giving you an authenticated label which you
can use in your reputation database. [...]
Except that it doesn't differentiate between multiple domains served by a
common mail server.
And of course it doesn't even try to stop the MAIL FROM forgery.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHf8h8wL7PKlBZWjsRAi3zAJ9hPn6yKnASR6eECOatI3iUU2yQ3gCeOmdH
T/niVBWvLRgBrlI5h7WB/ag=
=Unpy
-----END PGP SIGNATURE-----
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription:
http://v2.listbox.com/member/?member_id=2183229&id_secret=82188090-33102a
Powered by Listbox: http://www.listbox.com