spf-discuss
[Top] [All Lists]

Re: SRS requirements

2004-01-14 12:31:08
In <20040114183412(_dot_)GA6875(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng 
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:

So we have the following (possibly conflicting) requirements:

1) we want to preserve as much as possible of the original sender in the
   rewritten address, because a final recipient may want to use it.
2) we want to respect the 64 char limit.
3) we want to insert a cookie to prevent open relaying.
4) we want to avoid the use of a database where possible,
   because a database requires centralization and is a single point of
   failure.  SPF may stand for many things, but that shouldn't be one of
   them.

Plan C: database

    What if the incoming email address is already at
    MAX-LOCALPART(_at_)MAX-DOMAIN?  You can't preserve the whole thing; you 
have
    to break 1 and 4 if you want to keep 2 and 3.

In order to keep from break requirement 1) too badly, all that would
need to be done is to create a simple hash of the original
envelope-from and put it in the local part.  So, the format of the
rewritten envelope-from could be:

<base64_encode(CRC32($original_envelope_from))>-<unique token>@bounce.foo.com



-wayne

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡


<Prev in Thread] Current Thread [Next in Thread>