1) it breaks mail forwarding.
http://spf.pobox.com/faq.html#forwarding

All forwarding/aliasing becomes resending?!

We have plenty of "forward-only" accounts, that do not have any local
account. Who is the sender of such virtual account -> I will receive all
the DSNs then?!! Arrgh.

Yes that idea is shot out of the water unless you implement some routine that would rewrite the sender. Note that there is much more to it than rewriting the sender: you also have to verify that each bounce coming back in really passed through your host on its way out, or else you're an open relay. Proposed methods include keeping a database or putting a code in the headers as you send. Forwarding is going to be tough.

The better solution would be referrals like web servers do.  When
the sender host says RCPT TO: one of these addresses, you send back
a response stating the forwarding address, and the sender host then
closes the smtp session.  But SMTP and ESMTP do not provide for
this!



2) it does not protect the From:
http://spf.pobox.com/faq.html#whichfield
Actually for many concerns of mine this is exactly what I want (that the
From: header is set by the user as s/he wishes).

But I cannot see how I set up a MUA to use this From: header and that
envelope sender. Does somebody have some pointer to information about this
topic?

I don't know of any MUA that allows this. Probably (a) because it is so hard to explain why there are two sender addresses and what they are for and (b) ironically to prevent fakery.



Consider the following scenario:
You know the large Call Centers around that get phoned for support by
customers often of many different companies.
Move that over to email support.
Consider an email support center named "support.com" for companies
"companyA.com", "companyB.com" a.s.o.
When I consider SPF right, the mails sent by the support center must use
the envelope address "[EMAIL PROTECTED]", but the recipients must see
"[EMAIL PROTECTED]", when doing business for company A respectively.


Well, if it is OK with you for support.com to send mail as your domain,
then you include support.com's IPs in your SPF record and it works.
They don't need to be IPs you own and their hostnames do not matter.
The sender domain is matched to that domain's SPF record.



Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
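
The sender rewriting and bounce verification discussed in the reply above, as an added example that is not part of the original message or of MIMEDefang: the forwarding host signs the original sender into the rewritten envelope address and relays a returning bounce only when the signature and age check out. The address layout, `SECRET`, `FORWARDER_DOMAIN` and all function names are assumptions made for this sketch, and the code is carried in the envelope sender rather than in a header.

```python
import hashlib
import hmac

# Constructed values for illustration only.
SECRET = b"constructed-demo-key"
FORWARDER_DOMAIN = "forwarder.example"


def _tag(day: int, domain: str, local: str) -> str:
    """Short HMAC binding the original sender to the day it was forwarded."""
    msg = f"{day}:{domain}:{local}".lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:8]


def rewrite_sender(orig_sender: str, day: int) -> str:
    """Envelope sender to use when forwarding a message from orig_sender."""
    local, at, domain = orig_sender.rpartition("@")
    if not at or not local or not domain:
        raise ValueError("null or malformed sender: do not rewrite")
    tag = _tag(day, domain, local)
    return f"fwd={tag}={day}={domain}={local}@{FORWARDER_DOMAIN}"


def bounce_target(rcpt: str, today: int, max_age_days: int = 7):
    """Return the original sender if rcpt is an address we issued, else None."""
    local_part, _, domain = rcpt.rpartition("@")
    if domain.lower() != FORWARDER_DOMAIN:
        return None
    # maxsplit=4 keeps any '=' inside the original local part intact.
    fields = local_part.split("=", 4)
    if len(fields) != 5 or fields[0].lower() != "fwd":
        return None
    _, tag, day_s, orig_domain, orig_local = fields
    if not day_s.isdecimal() or not orig_domain or not orig_local:
        return None
    day = int(day_s)
    if not 0 <= today - day <= max_age_days:
        return None  # expired or future-dated: refuse to relay
    expected = _tag(day, orig_domain, orig_local)
    if not hmac.compare_digest(tag.lower().encode(), expected.encode()):
        return None  # not issued by us: relaying would make us an open relay
    return f"{orig_local}@{orig_domain}"
```

A real deployment would use a longer tag and key rotation; the 8-character tag here only keeps the sample addresses short.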





