Peter Bowyer wrote: > On 07/05/2009, Marc Perkel <[email protected]> wrote: > >> I'm not currently using SPF but I thought of a feature that mught make >> SPF useful. If there were a test that checked all the received lines and >> returned true if any host matched the SPF record it might eliminate the >> forwarding issue that SPF breaks. >> > > That would leave a gaping barn-door-sized hole in SPF - a forger could > look up the SPF record for the domain he was forging, and add a forged > Received header claiming the message had been originated correctly. > > I guess you could apply this rule to a small whitelist of trusted > forwarders, though. But those people should be using SPF/SRS > themselves (mine do). > > Peter > >
Granted that a spammer could forge received headers. Most don't. I'm thinking that not bouncing forwarded email is better than the few spammers who sneak through. And if a spammer is forging received lines that might be detectable if they don't do a good job of it. I think it would be a useful feature if it were in there. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
