On 07/05/2009, Marc Perkel <[email protected]> wrote: > > > Peter Bowyer wrote: > On 07/05/2009, Marc Perkel <[email protected]> wrote:
> I'm not currently using SPF but I thought of a feature that mught make SPF > useful. If there were a test that checked all the received lines > and returned true if any host matched the SPF record it might eliminate > the forwarding issue that SPF breaks. > That would leave a gaping barn-door-sized hole in SPF - a forger could look > up the SPF record for the domain he was forging, and add a forged Received > header claiming the message had been originated correctly. I guess you > could apply this rule to a small whitelist of trusted forwarders, though. > But those people should be using SPF/SRS themselves (mine do). Peter > > Granted that a spammer could forge received headers. Most don't. Eh? Have you looked at many spam samples lately? Or in the last 10 years? > I'm > thinking that not bouncing forwarded email is better than the few spammers > who sneak through. Not spammers - forgers. Providing a way to defeat an anti-forgery mechanism wouldn't be my choice. But hey, if that's what you want.... -- Peter Bowyer Email: [email protected] Follow me on Twitter: twitter.com/peeebeee -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
