suse@rio.vg writes:
I don't understand why SPF blockers don't simply check ALL of the received headers and "pass" if the proper mail server is anywhere in the chain. It's a simple and obvious fix for the problem of forwarding without forcing anyone to change their mail servers...
"For every complex problem there is an answer that is clear, simple, and wrong." -- H. L. Mencken 1) You don't have the Received: headers until the SMTP handshake is completed and the data is transferred. At that point in the protocol, there is no way to reject the mail; the receiving MTA has taken responsibility for it. 2) Any Received: header other than the first (i.e. the last one generated) could be forged. You need to walk back through the headers and identify, at each step, whether you trust the "received by" host to correctly identify the "sent from" host. This is a nontrivial task. -- Alan Hadsell If brute force doesn't work, you aren't using enough.