warning to list
David Woodhouse
dwmw2 at infradead.org
Tue Oct 26 07:48:44 UTC 2004
On Mon, 2004-10-25 at 21:07 -0400, Sean Middleditch wrote:
> On Tue, 2004-10-26 at 08:56 +0800, Jeff Pitman wrote:
> > On Tuesday 26 October 2004 08:36, Sean Middleditch wrote:
> > > It protects all parts of
> > > an email, including the From header, which is what is most important
> > > in terms of forgery (such as the mail we're discussing).
> >
> > In other words, all forms of forwarding email addresses will be down the
> > toilet (sf.net, berlios.de, etc.). Otherwise, you expose two emails
>
> No. You fix them. Back to the accreditation service point if you want
> to be lazy and avoid a very simple fix on the forwarding service end.
Right. SPF, if it's to work, requires the whole world to 'upgrade' to
make the initial flawed assumptions of SPF come true.
This is in the same world which hasn't actually managed to make ESMTP
ubiquitous yet.
Meng and the others are living in a dream world.
Paul Iadonisi writes:
> Especially if they have no forwarding issues, it may be
> an entirely appropriate and beneficial thing for Red Hat to do.
How do they _know_ they have no forwarding issues -- that they never
send mail to a forwarding address? I'd certainly be surprised if that
were the case. There a countless cases of a non-technical company
getting someone to register a domain and set up a web site somewhere,
and forwarding all mail to that domain to the company's single real AOL
address. Is it appropriate for Red Hat to declare that they don't ever
want to send mail to such people? Or others who use .forward files or
virtual domains to forward mail?
--
dwmw2
More information about the fedora-devel-list
mailing list