[mail-vet-discuss] IETF Last Call complete, -18 draft posted
Scott Kitterman
mail-vet-discuss at kitterman.com
Wed Dec 3 17:55:54 PST 2008
On Wed, 3 Dec 2008 17:27:43 -0800 Douglas Otis <dotis at mail-abuse.org> wrote:
>
>On Dec 3, 2008, at 4:02 PM, Scott Kitterman wrote:
>
>> On Wed, 03 Dec 2008 10:17:17 -0800 "Murray S. Kucherawy" <msk at sendmail.com> wrote:
>>> The most notable syntactic change involves SPF and Sender-ID, where
>>> the local-part should be omitted from the reported authentication
>>> result since those methods don't specifically evaluate that
>>> information.
>>
>> I'm sorry, I guess I must have zoned out and missed this discussion
>> during last call. This is not correct. Much like DKIM, SPF
>> normally works at the domain level, but senders can define records
>> that allow different results based on the localpart of the Mail From.
>
>Can you explain a practical use for the SPF record's dangerous local-
>part macro that returns positive results pertaining to an email-
>address local-part? A positive result based upon a local-part offers
>a simple means to spoof the domain from any address. :^0
>
Yes.
No one said anything about exclusively using localpart. That would be
foolish.
Scott K
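
Added example, not part of the original message or of the draft under discussion: a minimal expander for the sender-derived SPF macros (s, l, o, d) following the macro syntax of RFC 4408 section 8.1, showing how one record yields a different lookup name per MAIL FROM local-part. The record, the `_mta` label and the example.org addresses are constructed; `expand` and `exists_names` are hypothetical helper names.

```python
import re

# RFC 4408 section 8.1: %{letter digits r delimiters}, plus %%, %_ and %-.
# Only the sender-derived letters s, l, o, d are handled in this sketch.
_MACRO = re.compile(r"%(?:\{([slod])(\d*)(r?)([.\-+,/_=]*)\}|([%_\-]))")
_LITERAL = {"%": "%", "_": " ", "-": "%20"}

def expand(spec, sender):
    """Expand SPF macros in one domain-spec for a given MAIL FROM address.
    Assumption: d is the MAIL FROM domain (no include/redirect in play)."""
    local, _, domain = sender.rpartition("@")
    values = {"s": sender, "l": local or "postmaster", "o": domain, "d": domain}

    def repl(m):
        if m.group(5):                      # %%, %_ or %-
            return _LITERAL[m.group(5)]
        letter, digits, rev, delims = m.group(1, 2, 3, 4)
        # Split on the listed delimiters (default "."), then reverse/truncate.
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]    # keep the right-most N parts
        return ".".join(parts)

    return _MACRO.sub(repl, spec)

def exists_names(record, sender):
    """DNS names an evaluator would query for each exists: term."""
    terms = (t.lstrip("+-~?") for t in record.split())
    return [expand(t[len("exists:"):], sender)
            for t in terms if t.startswith("exists:")]

# Constructed record: the local-part selects the name looked up, and the
# domain is still part of that name, so local-part is not used on its own.
RECORD = "v=spf1 exists:%{l}._mta.%{d} -all"

if __name__ == "__main__":
    for addr in ("alice@example.org", "bob@example.org"):
        print(addr, "->", exists_names(RECORD, addr))
```

Two senders in the same domain produce different query names here, which is why a reported result that keeps only the domain can describe less than what the check evaluated.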