[spambayes-dev] Possible new header parsing option...

[Ryan Malayter]

[combover]
>My one concern with the specification itself, though, is: 
>what's to stop spammers from forging these headers 
>themselves?
 
Nothing, as you've guessed correctly.

>Is there a mechanism in the existing MTA plugins to discard 
>any SPF headers already in place in a received mail? I know 
>this is probably not the best place for those concerns, so 
>maybe i'll subscribe to their dev list...

That would be the correct approach. If a recieveing MTA checks for SPF
compliance, should throw out all other SPF-related headers before adding
its own.

Assuming the MTAs do this correctly, and SPF use becomes widespread (my
domain is one of only 7500 or so registered), these headers will be very
useful clues to spambayes. However, with Microsoft supporting Caller-ID
for Email, and Yahoo! supporting Domain Keys, SPF may not be the
ultimate winner as a sending-host verification standard.

I'm placing my bets on a unified standard ermerging sometime in the next
few years. Spam costs Yahoo! And MS so much money they cannot afford to
bicker about this issue too long.