| 1 |
Diego 'Flameeyes' Pettenò wrote: |
| 2 |
> On Wednesday 08 November 2006 21:01, Kurt Lieber wrote: |
| 3 |
> |
| 4 |
>> So, in other words, spammers aren't abusing anything related to SPF. |
| 5 |
>> They're sending mail using forged return-paths and SPF is highlighting |
| 6 |
>> that. Which is exactly what SPF is designed to do. |
| 7 |
>> |
| 8 |
> If I were to send my gentoo mail through a mail.flameeyes.is-a-geek.org, with |
| 9 |
> its own SPF record, (I'm not as this is not a "real" domain I have access to, |
| 10 |
> nor a mailserver for what it's worth), with a From: flameeyes@g.o and |
| 11 |
> a Sender: flameeyes@×××××××××××××××××××.org, would it be a PASS or a FAIL in |
| 12 |
> SPF? |
| 13 |
> |
| 14 |
> |
| 15 |
It doesn't matter what From, Sender or whatever else in the message header. |
| 16 |
The part that counts is the Return-Path (the "mail from:" part of the |
| 17 |
SMTP protocol). |
| 18 |
|
| 19 |
Of course, MUAs such as Thunderbird don't give you the possibility to |
| 20 |
set that and it will be the same as your From address. |
| 21 |
A SPF-capable MTA will PASS your message to the recipient. |
| 22 |
However, SA will add 1.1 to the message spam score because of the |
| 23 |
SPF_NEUTRAL test. |
Archives