Marc G. Fournier wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> the only way it wouldn't is if I
> could relay *through* gmx.net (I'm assuming that I can't?) so that not only am
> I impersonating you, but I'm doing it in such a way that the SPF record
> verifies that it is legit ...
Which is another reason why it doesn't work well - a large percentage
(perhaps the majority) of spam is sent through trojans running on poorly
secured Windows boxes. If Peter were running such a machine, yes, you as
an evil spammer could easily send spam as peter_e@gmx.net through
mail.gmx.net.
SPF just legitimsed that spam :-(
Regards, Dave.