>You can argue that envelope header forgery is irrelevant, and that corner
>cases don't matter.  But I think this latest incident provides a good
>counterexample that it does matter.  And it's easy to fix, so why not fix
>it?

Why do you think that the envelope addresses in the spam bore any
relation to the address in the From header?  The from comments (the
so-called friendly name) were randomized, and they came from
compromised servers all over the world, so I'd expect the envelope
addresses to be similarly random.

SPF has some value for some heavily forged domains, but that's about it.

R's,
John

Reply via email to