Bill Sommerfeld <sommerfeld@xxxxxxx> wrote: > > I have not been able to find a concise description of exactly what havoc > will ensue wayne <wayne@xxxxxxxxxxx> wrote: > > Also, one of the open issues with SPF is the ability to deal with > forwarded email. One of the most promising solutions to this problem > will break if the MARID proposal is used. See section 9.3.1.2: > http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#forwarding To expand on what wayne said, the hack described in 9.3.1.2 allows SPF and systems like BATV (http://mipassoc.org/batv/) to work very nicely together. The problem occurs if the SPF record is interpreted according to Sender-ID and the PRA is used instead of the return path. Techniques like BATV distinguish between the return path and other sender-related email addresses, such that those addresses in the message header used by Sender-ID do not include the crypto token. Therefore the stunt DNS server that handles the SPF lookups will cause Sender-ID implementations to reject the message because they will not include the crypto token in their queries. Tony. -- f.a.n.finch <dot@xxxxxxxx> http://dotat.at/ BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR GOOD. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf