5 May
2006
5 May
'06
6:45 p.m.
Kenneth Porter wrote:
On Friday, May 05, 2006 8:42 AM -0700 Marc Perkel <marc@perkel.com> wrote:
I'm also am thinking about senders like Paypal and banks who are often spoofed. If the limited all their outbound email to sending over IMAP then they might be able to create a more secure sytem and because of their restrictiveness be able to somehow create a less spoofable more identifyable system.
MTA's can check SPF records when accepting mail and add headers to indicate whether the sending MTA has valid SPF. For example, sendmail together with a suitable milter (I use MIMEDefang and Spamassassin) can do this. Your MUA then needs to check the result and present it as evidence of spoofing.
SPF breaks email forwarding.