----- Original Message -----
From: "jpinkerton" <johnp(_at_)idimo(_dot_)com>
Sent: Sunday, December 05, 2004 5:17 AM
Subject: Re: [spf-discuss] Re: RFC 2821 and responsibility for forwarding
Just a small comment here -
Surely a forwarder *is* a sender - he receives an e-mail and re-injects it
into the system - with various manglings of the headers according to his
whim. The re-injection of an e-mail is "sending" an e-mail - therefore he
is a sender.
No. He's not. He didn't write it: he didn't create the content, he shouldn't
get the bounce message or the time-outs if it fails, his postmaster doesn't
want to see most of the types of error messages. Your perception of it is
common and not unreasonable, but I think it's mistaken.
Forwarding is a fact of life in email: Many systems have allowed it over the
years for many reasons, such as passing along email from an old address to a
new address, or to funnel email from many servers to one receiving account.
We need to be cautious not to simply break things under people, because they
will then not adopt such useful techniques as SPF because the old boss likes
to use .forward the way he's used to, to bounce his email to his home
account as well as his business account when he's on the road (for example).
I have never understood why forwarding is such a problem - it is in the
hands of the receiver. Anyone (even me) can set up various MTA's (my ISP
maybe) to forward mail to them - and in doing so the responsibility for
ensuring that the mail is correctly sent on to the recipient falls fair
square on the recipient. It's the recipients decision to have his mail
forwarded/resent, so it's up to him to get it right.
Unfortunately, the hole required to allow typical behavior with no change in
either the protocols or the standard forwarding is a large and gaping one
that conveniently allows spammers and forgers to fake traffic. It is
*precisely* the type of hole that SPF helps close.