spfdiscuss at alandoherty
Nov 18, 2009, 2:31 PM
Post #4 of 4
(733 views)
Permalink
|
anyone wanting to address the incompatibilities between the two
just needs to mount a spf2.0/mfrom and spf2.0/pra
record
for anyone wanting to look at live use examples feel free to run sender-id or spf checks against this sender addreess
or get in touch and i can give you all the details
{tested via multiple methods}
At 21:19 18/11/2009 Wednesday, Omar Thameen wrote:
>Hi,
>
>I'm following-up on an old post here. For the full thread, see
>http://thread.gmane.org/gmane.mail.spam.spf.help/6738
>
>Is there anyone with an Exchange server who can help me test a DNS
>setting which should address the incompatibility between Sender ID
>and SPF implementations? You'd need to know how to enable Sender ID
>checks in Exchange.
>
>Here's the explanation from my previous post:
>> Since Sender ID misinterprets v=spf1 policy records in the absence
>> of any spf2.0 records (per the RFC), my thought is that adding the
>> spf2.0/mfrom record would tell MTAs using Sender ID to function
>> just like the v=spf1 record. Thus, they would accept the mailing
>> list email because they're only checking the mfrom and not the PRA.
>
>I've been in contact with the affected user, but he isn't knowledgable
>enough about SPF or his Exchange set-up for me to make any conclusions.
>
>Thanks,
>Omar
>
>On Wed, Jul 29, 2009 at 05:09:19PM -0400, Omar Thameen wrote:
>> On Wed, Jul 29, 2009 at 03:22:44PM -0400, Scott Kitterman wrote:
>> > On Wed, 29 Jul 2009 15:06:15 -0400 Omar Thameen
>> > <omar [at] westside> wrote:
>> > >"spf2.0/mfrom"
>> >
>> > I'm not aware of any actual implementations in use in the wild. This is,
>> > if it's treated at all, treated exactly like an SPF record, so publishing
>> > the extra record is just more work and more DNS usage for no point.
>>
>> Pardon me if I repeat myself here, but the point is to compensate
>> for the incompatibilities in the specifications in the two protocols.
>> Currently, I have only v=spf1 records published, and there is at
>> least one known case of a subscriber's mail administrator using
>> Sender ID checks. Enabling Sender ID checks is apparently an option
>> in Exchange.
>>
>> Since Sender ID misinterprets v=spf1 policy records in the absence
>> of any spf2.0 records (per the RFC), my thought is that adding the
>> spf2.0/mfrom record would tell MTAs using Sender ID to function
>> just like the v=spf1 record. Thus, they would accept the mailing
>> list email because they're only checking the mfrom and not the PRA.
>>
>> My hesitation is that I'd be surprised that someone would put together
>> such a complete document as http://www.openspf.org/SPF_vs_Sender_ID
>> without recommending the spf2.0/mfrom record that I'm proposing.
>>
>> In the absence of any obvious shortcomings, I'll give it a try.
>>
>> Omar
>>
>>
>>
>> -------------------------------------------
>> Sender Policy Framework: http://www.openspf.org
>> Modify Your Subscription: http://www.listbox.com/member/
>> Archives: https://www.listbox.com/member/archive/1020/=now
>> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>> Powered by Listbox: http://www.listbox.com
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
|
