Re: more on starttls, gnutls-cli and using tls for mail

[Tim Cross]

On Mon, Aug 15, 2011 at 7:21 PM, David Engster <address@hidden> wrote:
> Tim Cross writes:
>> Is there any technical reason that requires this? I frequently use
>> authenticated smtp, but just auithenticate as one user and send email
>> with from/return addresses of different users with no problems.
>
> Then you've been lucky. See
>
> http://en.wikipedia.org/wiki/Sender_Policy_Framework
>
> -David
>
>

As I understood it, SPF is domain/host based, not individual user
based. All the implementations I've seen use the domain/IP address of
the host, not what is reported in the from line of the address. If yo
think about  it, using the host as reported inthe from address would
completely break the whole framework. Therefore, using different from
addresses is irrelevant.

This does not mean there isn't a case, just that SPF is not it. A
couple of other reasons, mostly specific to gmail and possibly other
web based mail services have been suggested that do seem reasonable.
However, there is nothing at the smtp level I've seen so far.

Tim