spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Re: Re: SPF and Google Groups (sending on behalf of)

2008-07-20 09:26:46
On Sunday 20 July 2008 11:48, Alex van den Bogaerdt wrote:
On Sun, Jul 20, 2008 at 11:22:29AM -0400, Scott Kitterman wrote:
Not everything that misuses SPF records is SenderID.  There is a Mozilla
Thunderbird plugin that does SPF checks against From that predates the
existance of SenderID.

This is new to me. If such cases do occur more often, I think it should
be mentioned on the website (or is it already?)

http://razor.occams.info/code/spf/

Already mentioned on http://www.openspf.org/Implementations

Note that his site says, "The extension uses Sender Policy Framework (SPF) (in 
a nonstandard way) ...".  It didn't mention the non-standard part before I 
discussed it with him.

If such plugins are common in the field, I have to adjust my conclusion.
In such a case, point to the receiver only, not to SenderId.  Most of my
rant is still valid in that case. It is _not_ SPF.

Agreed that its' not SPF.  I've seen fewer issues related to this is recent 
years.  I don't know if it's less used, working better, or his user base 
understands its limitations better.

If OTOH such plugins (which do not seem to be used in this particular
case by the way) have existed in the past, were rare then and even rarer
now, they are the exception to the rule and I stand by my original
thoughts.


In either case: I feel we should draw a line.  The SPF policy is good? The
sending host is authorized?  Then it is not an SPF problem.  I'm willing
to appreciate the need to point people to that well known bandaid (adding
a "Sender" header) although I think that's already dubious.

Agreed.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com