Tor Bendiksen wrote:
On Tue, 08 May 2007 16:16:56 +0300, Zdravko Stoychev zdravko@5group.com wrote:
Hi all! Are there any plans to implement SPF-checks in RC? http://www.openspf.org/
Shouldn't this be a MTA task? Or possibly whatever anti-spam solution used.
Agreed! Even that, RC could check message headers and if SPF: FAIL is present, then could show warning banner at least? This would be of great benefit for the end-users. A-la soft of built-in Phishing protection which is based on headers examination. Same could be done (again optional) for SpamAssassin headers.
At least this is the way I use SPF on my servers. I can see how it can be beneficial at the MUA level to a degree, but it could generate a lot of DNS traffic for every message. Caching nightmare either for Roundcube, or the requirement for a local caching name server.
Not something I would like, but perhaps that's just me.
Perhaps suitable as a plugin, once the plugin API is finished?
Could be quite simple to implement using libspf2.so and just one function call. http://www.libspf2.org/
Or just check for Header Fields related to it as "Received-SPF:") in order to notify mail reader about "MAIL FROM:" forgery? Or at least, option to mark messages as spam if SPF: FAIL is detected in the Header. Most of the biggest mail providers as Hotmail, Google etc. and lot of Enterprise/personal mail servers have SPF implemented, including mail servers as Sendmail, MS Exchange, Qmail, Exim, so this is really good thing to have. Microsoft have added support for it with their own RFC http://www.microsoft.com/senderid
Could be handy if it was working with the headers. That would add very little overhead. Once again, a lot of this could be dealt with at the MTA level.
Please note that while MS' SenderID is loosely base on SPF, it is not the same.
See also: http://www.ietf.org/rfc/rfc4408.txt
Regards! Dako