On Sun, Jul 20, 2008 at 11:22:29AM -0400, Scott Kitterman wrote:
Not everything that misuses SPF records is SenderID. There is a Mozilla
Thunderbird plugin that does SPF checks against From that predates the
existance of SenderID.
This is new to me. If such cases do occur more often, I think it should
be mentioned on the website (or is it already?)
If such plugins are common in the field, I have to adjust my conclusion.
In such a case, point to the receiver only, not to SenderId. Most of my
rant is still valid in that case. It is _not_ SPF.
If OTOH such plugins (which do not seem to be used in this particular
case by the way) have existed in the past, were rare then and even rarer
now, they are the exception to the rule and I stand by my original thoughts.
In either case: I feel we should draw a line. The SPF policy is good? The
sending host is authorized? Then it is not an SPF problem. I'm willing
to appreciate the need to point people to that well known bandaid (adding
a "Sender" header) although I think that's already dubious.
Alex
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com