On Thu, April 3, 2008 05:33, Bob Proulx wrote:

> Who to forge? The answer is "Everyone!" Any address that can be
> obtained from a spam-virus infected PC and any address that can be
> harvested from a web page. Forge them all.

yes a big problem without spf

> They are (mostly) valid email addresses and will pass sender verification.
> Send To: and From: all of them.

shame that sender host does not use spf when verifying it

Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098