When someone generates email which says it comes from my email domain and yet my
servers have had absolutely nothing to do with it, that is WRONG.
Correct would be to honestly put _their_ domain in the "from" field and their
client's domain in the "reply-to" field.
It is really very simple and clearcut.
In fact, because of the liabilities that might occur, I know at least one major
company whose legal department is preparing lawsuits against remailers who send
mail that appears to come from their domain. I can't blame them.
arley
Please respond to spf-help@v2.listbox.com
|--------------------------------------->
| |
|--------------------------------------->
>---------------------------------------|
| |
>---------------------------------------|
|--------------------------------------->
| To: |
|--------------------------------------->
>---------------------------------------|
| spf-help@v2.listbox.com |
>---------------------------------------|
|--------------------------------------->
| cc: |
|--------------------------------------->
>---------------------------------------|
| |
>---------------------------------------|
|--------------------------------------->
| |
|--------------------------------------->
>---------------------------------------|
| |
>---------------------------------------|
|--------------------------------------->
| Subject: |
|--------------------------------------->
>---------------------------------------|
| RE: [spf-help] Kodak, American |
| Greeting, et al. |
>---------------------------------------|
[IMAGE]
I wouldn't say its WRONG, it just by SPFs standard, not allowed. I have many
customers who want to use a "Forward to a Friend" feature and have the return
email address be the person sending the email so the recieving party will know
who it came from. Since this is not allowed, we use another method something
similiar to the email earlier this morning I wrote.
Josh
-----Original Message-----
From: adealey@omnex.com [mailto:adealey@omnex.com]
Sent: Sat 8/28/2004 12:18 PM
To: spf-help@v2.listbox.com
Cc:
Subject: Re: [spf-help] Kodak, American Greeting, et al.
The companies who do this sort of spoofing are simply in the wrong.
Unfortunately there are an unbelievably large number of large companies
who
should know better who do it.
Even when not subverted by a third party, the practice is inappropriate.
And
most of the companies which have services that do this do nothing at all
to
prevent it being subverted by third-parties.
I file complaints with the company about their practices.
And then I tell my users, "Sorry, the service you are using sends email
which
violates acceptable practices." I don't cave in. I also suggest that the
user
complain and find an alternative service (if I know of any, I list them).
Finally, I explain that the service they are using would allow someone
else to
impersonate mail sent from them. Since adding the final note, not a
single user
has complained and many have thanked me.
arley
Please respond to spf-help@v2.listbox.com
|--------------------------------------->
| |
|--------------------------------------->
>---------------------------------------|
| |
>---------------------------------------|
|--------------------------------------->
| To: |
|--------------------------------------->
>---------------------------------------|
| spf-help@v2.listbox.com |
>---------------------------------------|
|--------------------------------------->
| cc: |
|--------------------------------------->
>---------------------------------------|
| |
>---------------------------------------|
|--------------------------------------->
| |
|--------------------------------------->
>---------------------------------------|
| |
>---------------------------------------|
|--------------------------------------->
| Subject: |
|--------------------------------------->
>---------------------------------------|
| Re: [spf-help] Kodak, American |
| Greeting, et al. |
>---------------------------------------|
[IMAGE]
> American Greetings send greeting cards from their server with the
sender's
> e-mail address as the from address and Kodak sends pictures that
actually
> "belong" to the client from their server with the client's from
address.
>
> Both of these are legitimate because the sending person is actually the
> person who's e-mail address is being used, butit plays havoc with the
SPF
> scheme.
Cary,
Your last sentence above is where the problem lies. For me, as an end
user,
there is absolutely no way for me to know Kodak, etc's policies regarding
authentication. You say "the sending person is actually the person who's
email
address is being used", but that cannot be for sure. When a greeting
card is
sent, there is NO verification that the email address belongs to the
person
typing it.
Regards,
Marc Alaia
-------
Archives at
http://archives.listbox.com/spf-help/current/ Donate!
http://spf.pobox.com/donations.html To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com (Embedded image moved to file: pic02919.pcx)
-------
Archives at
http://archives.listbox.com/spf-help/current/ Donate!
http://spf.pobox.com/donations.html To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com ------- Archives at
http://archives.listbox.com/spf-help/current/ Donate!
http://spf.pobox.com/donations.html To unsubscribe, change your address, or
temporarily deactivate your subscription, please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com (Embedded image moved to file: pic32134.pcx)
-------
Archives at
http://archives.listbox.com/spf-help/current/ Donate!
http://spf.pobox.com/donations.html To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com