-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Can't
> someone still forge the user name as long as the domain
> name is correct for the originating IP address or will that
> take yet another change in all MTA's to enforce before this
> one is very useful?

Let's say that the SPF record for futuresource.com says that the allowed relay is mail.futuresource.com. This means that mail coming from mail.futuresource.com (as the relay) is legitimate and that all other mail is likely to be forged.

Now, why would mail.futuresource.com allow someone to spoof the envelope sender from its own domain? For example, my mail server has been configured to check all envelope sender addresses which are from local domains. Therefore, I can't send a message with an envelope sender of [EMAIL PROTECTED]. If SPF was widely adopted, these two measures would effectively stop forgery of all wiktel.com addresses.

On the other hand, if you simply want to be able to tell if a given address is valid, that's easy enough to check. Simply connect back to the MX records for the sending domain and do:

    MAIL FROM:<>
    RCPT TO:<[EMAIL PROTECTED]>

Code for this has been posted on the list before. This allows you to drop completely invalid addresses.

Richard Laager
Wikstrom Telecom Internet

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: If you don't know what this is, you can safely ignore it.

iQA/AwUBQRgPY231OrleHxvOEQLVvACg6r68vySTWULpxAWhEAghQ94yHJoAnRB3
Enn6ldflDqBL4/xP9Sc9w9r9
=q69y
-----END PGP SIGNATURE-----

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
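
The callback check described in the message above, sketched in Python as an added example; it is not the code posted on the list and not part of MIMEDefang. The names `verify_sender` and `classify` and the verdict labels are hypothetical, and the MX host is assumed to have been resolved by the caller. Only a permanent 5xx reply to RCPT TO counts as an invalid address; temporary failures and refused null senders stay undecided.

```python
import smtplib

# Verdict labels used by this example (hypothetical names).
VALID, INVALID, UNKNOWN = "valid", "invalid", "unknown"


def classify(code):
    """Map the SMTP reply code for RCPT TO onto a verdict."""
    if 200 <= code < 300:
        return VALID      # recipient accepted
    if 500 <= code < 600:
        return INVALID    # permanent failure: safe to treat as nonexistent
    return UNKNOWN        # 4xx (greylisting, load) or anything unexpected


def verify_sender(address, mx_host, helo_name, connect=smtplib.SMTP, timeout=15):
    """Ask mx_host whether it would accept mail addressed to `address`.

    mx_host must already be resolved from the sender domain's MX records;
    the standard library has no MX lookup, so that step is the caller's.
    `connect` is injectable so the logic can be exercised without a network.
    """
    try:
        smtp = connect(mx_host, 25, timeout=timeout)
    except (OSError, smtplib.SMTPException):
        return UNKNOWN
    try:
        code, _ = smtp.helo(helo_name)
        if not 200 <= code < 300:
            return UNKNOWN
        code, _ = smtp.mail("")  # null reverse-path: MAIL FROM:<>
        if not 200 <= code < 300:
            return UNKNOWN  # host refuses bounces; says nothing about the address
        code, _ = smtp.rcpt(address)
        return classify(code)
    except (OSError, smtplib.SMTPException):
        return UNKNOWN
    finally:
        try:
            smtp.quit()  # DATA is never sent, so no message is delivered
        except (OSError, smtplib.SMTPException):
            pass
```

A filter would reject the incoming message only on `INVALID` and let `UNKNOWN` through, since a 4xx reply or a timeout at the remote MX does not show the sender address is bad.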