1 |
Diego 'Flameeyes' Pettenò wrote: |
2 |
> On Wednesday 08 November 2006 21:01, Kurt Lieber wrote: |
3 |
> |
4 |
>> So, in other words, spammers aren't abusing anything related to SPF. |
5 |
>> They're sending mail using forged return-paths and SPF is highlighting |
6 |
>> that. Which is exactly what SPF is designed to do. |
7 |
>> |
8 |
> If I were to send my gentoo mail through a mail.flameeyes.is-a-geek.org, with |
9 |
> its own SPF record, (I'm not as this is not a "real" domain I have access to, |
10 |
> nor a mailserver for what it's worth), with a From: flameeyes@g.o and |
11 |
> a Sender: flameeyes@×××××××××××××××××××.org, would it be a PASS or a FAIL in |
12 |
> SPF? |
13 |
> |
14 |
> |
15 |
It doesn't matter what From, Sender or whatever else in the message header. |
16 |
The part that counts is the Return-Path (the "mail from:" part of the |
17 |
SMTP protocol). |
18 |
|
19 |
Of course, MUAs such as Thunderbird don't give you the possibility to |
20 |
set that and it will be the same as your From address. |
21 |
A SPF-capable MTA will PASS your message to the recipient. |
22 |
However, SA will add 1.1 to the message spam score because of the |
23 |
SPF_NEUTRAL test. |