Peter Bowyer wrote:
> On 07/05/2009, Marc Perkel <[email protected]> wrote:
>> Peter Bowyer wrote:
>>> On 07/05/2009, Marc Perkel <[email protected]> wrote:
>>>> I'm not currently using SPF but I thought of a feature that might make SPF
>>>> useful. If there were a test that checked all the received lines and
>>>> returned true if any host matched the SPF record it might eliminate the
>>>> forwarding issue that SPF breaks.
>>>
>>> That would leave a gaping barn-door-sized hole in SPF - a forger could look
>>> up the SPF record for the domain he was forging, and add a forged Received
>>> header claiming the message had been originated correctly.
>>>
>>> I guess you could apply this rule to a small whitelist of trusted
>>> forwarders, though. But those people should be using SPF/SRS
>>> themselves (mine do).
>>>
>>> Peter
>>
>> Granted that a spammer could forge received headers. Most don't.
>
> Eh? Have you looked at many spam samples lately? Or in the last 10 years?
>
>> I'm thinking that not bouncing forwarded email is better than the few spammers
>> who sneak through.
>
> Not spammers - forgers. Providing a way to defeat an anti-forgery
> mechanism wouldn't be my choice. But hey, if that's what you want....

I'm thinking that forgers would be less of a problem than false positives produced by forwarded email. I'm more concerned about false positives which are far more common under SPF.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
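
The two checks discussed in this thread, side by side, as an added example that is not part of the original messages and is not Exim code: the "any Received host matches" test, and a variant that only believes Received headers written by whitelisted forwarders. The address ranges, host names and sample messages are constructed; the SPF record is modelled as a fixed list of `ip4` networks rather than a DNS lookup, and each trusted forwarder is assumed to add exactly one Received header with the client IP in brackets.

```python
import email
import ipaddress
import re

# Constructed stand-ins (assumptions): the sender domain's SPF "ip4:" ranges
# and the whitelist of forwarders this receiver trusts.
SPF_NETS = [ipaddress.ip_network("192.0.2.0/24")]
TRUSTED_FORWARDERS = [ipaddress.ip_network("198.51.100.0/24")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def hop_ips(raw):
    """Client IP recorded in each Received header, newest first (None if unparsable)."""
    values = email.message_from_string(raw).get_all("Received", [])
    found = (BRACKETED_IP.search(v) for v in values)
    return [parse_ip(m.group(1)) if m else None for m in found]

def in_any(ip, nets):
    return ip is not None and any(ip in n for n in nets)

def naive_check(raw):
    """The proposal: pass if any Received host matches the SPF record."""
    return any(in_any(ip, SPF_NETS) for ip in hop_ips(raw))

def bounded_check(raw, connecting_ip):
    """Start from the peer we actually saw; step back one Received header
    only while the host that wrote it is a whitelisted forwarder."""
    ip = parse_ip(connecting_ip)
    for recorded in hop_ips(raw):
        if not in_any(ip, TRUSTED_FORWARDERS):
            break  # header below this point was written by an untrusted host
        ip = recorded
    return in_any(ip, SPF_NETS)

# Constructed messages, as seen before the receiver adds its own Received header.
FORWARDED = ("Received: from mail.example.org ([192.0.2.10]) by fwd.example.net;"
             " Thu, 7 May 2009 10:00:00 +0000\nFrom: alice@example.org\n\nhello\n")
FORGED = ("Received: from mail.example.org ([192.0.2.10]) by relay.invalid;"
          " Thu, 7 May 2009 10:00:00 +0000\nFrom: alice@example.org\n\nhello\n")

if __name__ == "__main__":
    print("naive, forged header:  ", naive_check(FORGED))
    print("bounded, forged header:", bounded_check(FORGED, "203.0.113.50"))
```

The naive test accepts both messages because it cannot tell who wrote a header; the bounded test accepts the forwarded one only when the connecting peer is on the whitelist.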
