Hi! On Wed, 08 Nov 2006, Alin Nastac wrote:
> Diego 'Flameeyes' Pettenò wrote: > > On Wednesday 08 November 2006 21:01, Kurt Lieber wrote: > > > >> So, in other words, spammers aren't abusing anything related to SPF. > >> They're sending mail using forged return-paths and SPF is highlighting > >> that. Which is exactly what SPF is designed to do. > >> > > If I were to send my gentoo mail through a mail.flameeyes.is-a-geek.org, > > with > > its own SPF record, (I'm not as this is not a "real" domain I have access > > to, > > nor a mailserver for what it's worth), with a From: [EMAIL PROTECTED] and > > a Sender: [EMAIL PROTECTED], would it be a PASS or a FAIL in > > SPF? > > > > > It doesn't matter what From, Sender or whatever else in the message header. > The part that counts is the Return-Path (the "mail from:" part of the > SMTP protocol). Or so it should be. As I've written earlier, some very misguided people not only judge the Envelope-From (i.e. "MAIL FROM" in SMTP-Speak, which usually is identical to the header "Return-Path") against SPF, but also the in-mail header From:. Yes, it's downright stupid because it breaks just about nay mailing software I know. Yes, it's used by at least two larger providers in Europe. No, tech support there soesn't think it's a bad idea after I explained it in easy, friendly words. Idiots. Still: there are two things to keep in mind: 1) Do you "just don't care" about the users of those ISPs. 2) Does Gentoo as a distro want to "advocate" for the usage of SPF (ever so slightly) with the knowledge that it breaks several things? Regards, Tobias PS: Even without those idiots, SPF breaks pre-delivery forwards. But also said that already and it was illustrated why that happens on the "why SPF isn't quite ideal" page someone mentioned earlier in the thread. PPS: Windmills, anyone? -- Never touch a burning system. -- gentoo-dev@gentoo.org mailing list
