I've been testing spf and I must say it is useless because it only validates MAIL FROM not From header. Spamer only has to use domain that does not publish spf in its MAIL FROM (or use own domain where he did publish spf) and he can put anything in From header. And I see they do this a lot.
How about changing SPF in assp to match not only to MAIL FROM but also to From header? Another usefull option would be to force rewrite on MAIL FROM to From header (thus replacing original header). 1) I know that it is against some rfc 2) I know dkim can do validate From header, but there are not many domains with dkim dns records. ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
