-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Philip Tucker writes: > I have a couple questions about SPF and its usage in SpamAssassin. > > 1) Would SPF obselete the FORGED_*_RCVD rules? Not just yet, anyway. They work quite well for the most part ;) > 2) How does SPF deal with senders who are not forwarding a message, but > are sending on behalf of a user? > > We have seen the latter case often with resume sites. e.g., > [EMAIL PROTECTED] submits his resume to HotJobs and responds to a job > posting. An email is sent from whatever.hotjobs.com, but the MAIL FROM > is [EMAIL PROTECTED] We've gotten a lot of false positives this way if > the email address is Yahoo, AOL, or one of the others for which > SpamAssassin has FORGED rules. > > How would SPF address this kind of message? It's my understanding that > a DNS query would be sent to yahoo.com, which would respond with its > outgoing SMTP IP addresses - not containing HotJobs' IP - and cause the > message to be rejected. You're confusing "envelope from" with "From header from". In this case the jobs site is likely to use their own env-from. See http://spf.pobox.com/ for more details. - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Exmh CVS iD8DBQE//FcPQTcbUG5Y7woRApjDAKCN9FDROUMPS3DPmwvbGqyv75Xn2gCeN38f KjHiMNEDHDJkNsXB8dY4Leo= =9P/0 -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
