On 07/05/2009, Marc Perkel <[email protected]> wrote: > I'm not currently using SPF but I thought of a feature that mught make > SPF useful. If there were a test that checked all the received lines and > returned true if any host matched the SPF record it might eliminate the > forwarding issue that SPF breaks.
That would leave a gaping barn-door-sized hole in SPF - a forger could look up the SPF record for the domain he was forging, and add a forged Received header claiming the message had been originated correctly. I guess you could apply this rule to a small whitelist of trusted forwarders, though. But those people should be using SPF/SRS themselves (mine do). Peter -- Peter Bowyer Email: [email protected] Follow me on Twitter: twitter.com/peeebeee -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
