On Sat, 2010-07-17 at 00:40 -0700, Marc Perkel wrote:
> As it is now SPF checks the sender domain against the connecting IP
> address. It would be more useful if it were expanded to allow me to pass
> a different domain and to pass a different IP address.
But that would be looking up a different set of data that SPF in the
context of an SMTP transaction is not designed to
validate/verify/authorise.
> I might want to check the domain of the from field.
Erm...
> I might want to check the IP addresses in the received lines for SPF match.
Erm...
For both of the "Erm..." lines above, substitute "Which may be forged".
You're trying to twist the SPF spec way beyond the boundary - I
appreciate that useful results can come of things like that
occasionally, but this strikes me as being doomed to failure.
Anyway: with judicious use of the "dnsdb" lookup, the tools you need
exist already.
Graeme
