20 Jul 18:22
Re: Re: Re: SPF and Google Groups (sending on behalf of)
From: Scott Kitterman <scott <at> kitterman.com>
Subject: Re: Re: Re: SPF and Google Groups (sending on behalf of)
Newsgroups: gmane.mail.spam.spf.discuss
Date: 2008-07-20 16:22:29 GMT
Subject: Re: Re: Re: SPF and Google Groups (sending on behalf of)
Newsgroups: gmane.mail.spam.spf.discuss
Date: 2008-07-20 16:22:29 GMT
On Sunday 20 July 2008 11:48, Alex van den Bogaerdt wrote: > On Sun, Jul 20, 2008 at 11:22:29AM -0400, Scott Kitterman wrote: > > Not everything that misuses SPF records is SenderID. There is a Mozilla > > Thunderbird plugin that does SPF checks against From that predates the > > existance of SenderID. > > This is new to me. If such cases do occur more often, I think it should > be mentioned on the website (or is it already?) http://razor.occams.info/code/spf/ Already mentioned on http://www.openspf.org/Implementations Note that his site says, "The extension uses Sender Policy Framework (SPF) (in a nonstandard way) ...". It didn't mention the non-standard part before I discussed it with him. > If such plugins are common in the field, I have to adjust my conclusion. > In such a case, point to the receiver only, not to SenderId. Most of my > rant is still valid in that case. It is _not_ SPF. Agreed that its' not SPF. I've seen fewer issues related to this is recent years. I don't know if it's less used, working better, or his user base understands its limitations better. > If OTOH such plugins (which do not seem to be used in this particular > case by the way) have existed in the past, were rare then and even rarer > now, they are the exception to the rule and I stand by my original > thoughts. > > > In either case: I feel we should draw a line. The SPF policy is good? The > sending host is authorized? Then it is not an SPF problem. I'm willing > to appreciate the need to point people to that well known bandaid (adding > a "Sender" header) although I think that's already dubious. Agreed. Scott K
RSS Feed