-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Woodhouse wrote:
On Tue, 2005-07-05 at 20:32 +0200, Julian Mehnle wrote:
Absolutely true. Note, however, that they don't have to refrain from
rejecting on SPF "Fail" for _all_ the mail they receive, but just for
that received from their configured forwarders.
Er, the whole point was they they can't _tell_ which mail is from
forwarders, 'configured' or otherwise.
Well, maybe that is _your_ point, but reality requires it to be wrong, and
here's why:
Receivers _must_ know "their" forwarders in order to trust them, otherwise
everybody could just claim to be a forwarder and abuse the e-mail system.
This does not apply just to envelope sender forgery, but to any type of
abuse, which will ultimately have to be translated into reputation for the
sender. (In this regard, by the way, subscribing to a forwarding service
isn't really any different from subscribing to any other type of e-mail
service such as a mailing list or newsletter.) If abusers were allowed to
evade accountability, e.g. for (ab)using any envelope sender whatsoever,
by just claiming to be forwarders, the system would be guaranteed to die.
Now you could still say that it is practically impossible for receivers to
know their forwarders, but the logical consequence of that position would
be to entirely abolish forwarding as we know it today. If you want to
move into that direction, you might want to try getting "551 User not
local; please try <forward-path>"-style redirecting widely implemented
(see RFC 2821, section 3.4). This might actually be worthwile.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCyv5XwL7PKlBZWjsRAqhHAKDlLGSQxYQFfpwS3kTbQLCmt2WypQCgmPZq
0If4PaBlYA19KJBgQK2TlAU=
=v3vg
-----END PGP SIGNATURE-----