spf-discuss

Re: Forwarding/Redirecting: The problem as I see it....

2005-07-06 08:25:55
On Wed, Jul 06, 2005 at 04:03:16PM +0100, Tony Finch wrote:

And where does it talk about problems with forwarding?

OK. I will spell it out once more:

<quote>
In both the enterprise and the "new address" cases, information
   hiding (and sometimes security) considerations argue against exposure
   of the "final" address through the SMTP protocol as a side-effect of
   the forwarding activity.  This may be especially important when the
   final address may not even be reachable by the sender.
</quote>

I ("me@example.net") send mail to your user ("youruser@example.org").

You ("youruser@example.org") send mail to your user
("youruser@example.com").  This new mail transaction has a problem.

You used my name as the (forged) sender, so the bounce goes to me:

From "<>"
To "<me@example.net>"
message "I could not deliver your mail to <youruser@example.com>"

Problems:

-1- I didn't send mail to "example.com"; I may not even be able
    to reach it.
-1b- Maybe "example.com" cannot reach me.  Where does the bounce go?
-2- "youruser@example.org" may not want me to know about the
    "youruser@example.com" address.
-3- Maybe my system filters bounces unless they appear to be the
    result of something I sent.  If I don't send to "example.com",
    I don't expect to receive a bounce from "example.com".

All of these problems have nothing to do with SPF.  All of these
problems exist because of the way you set up your service. SPF only
makes them visible.

Right.  I will not send mail to
"mail_to_user_at_yourdomain.org_is_forwarded_somewhere_else@yourdomain.org"
anymore.  Thanks for bringing this to my attention.
Sorry for the sarcasm but it really is your problem, not mine.

I hope you don't get upset when your legitimate email bounces because it
failed an SPF check. I *certainly* hope you don't complain to anyone about
it.

If a message is sent by your user (or by you, on his behalf) then it
isn't my mail.  You (your system) accepted responsibility for the
message (section 4.1.1.4: "In sending a positive completion reply to
the end of data indication, the receiver takes full responsibility
for the message (see section 6.1).") and if you (your user) decide
to send a new message to a new location, it is your (user's) mail.

If you do not want to accept full responsibility, don't answer
"250 message accepted".
Answer "551 message forwarding from SPF-enabled domain to
SPF-enabled domain <youruser@example.com> not supported" or similar.

Yes, I am aware this is yet another proposal for modifying your service.

Alex
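
The two mail transactions described in this message, as an added example that is not part of the original post: a simplified SPF check (connecting IP matched against constructed per-domain networks only) showing what the final hop at example.com sees when the forwarder keeps the original envelope sender versus when it sends under its own address. The IP ranges, the `rewrite_sender` switch and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed SPF policies: domain -> networks allowed to use it in MAIL FROM.
# The ranges are RFC 5737 documentation networks, not real deployments.
SPF_POLICY = {
    "example.net": ["192.0.2.0/24"],     # the original sender's domain
    "example.org": ["198.51.100.0/24"],  # the forwarding domain
}
FORWARDER_IP = "198.51.100.25"           # constructed outbound host of example.org


def spf_check(client_ip, mail_from):
    """Simplified SPF: 'pass' if client_ip is inside the MAIL FROM domain's networks."""
    domain = mail_from.rsplit("@", 1)[1]
    nets = SPF_POLICY.get(domain)
    if nets is None:
        return "none"                    # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in ipaddress.ip_network(n) for n in nets) else "fail"


def forward(original_from, forwarder_addr, rewrite_sender):
    """Envelope of the second transaction (example.org -> example.com)."""
    mail_from = forwarder_addr if rewrite_sender else original_from
    return {"client_ip": FORWARDER_IP, "mail_from": mail_from,
            "rcpt_to": "youruser@example.com"}


def final_hop(envelope, deliverable):
    """SPF result seen by example.com and the address any bounce is sent to."""
    result = spf_check(envelope["client_ip"], envelope["mail_from"])
    # A non-delivery report always goes to the envelope sender of the failed hop.
    bounce_to = None if deliverable else envelope["mail_from"]
    return result, bounce_to


if __name__ == "__main__":
    # First transaction: example.net's own host delivers to example.org.
    print("hop 1:", spf_check("192.0.2.10", "me@example.net"))
    for rewrite in (False, True):
        env = forward("me@example.net", "youruser@example.org", rewrite)
        print("rewrite_sender=%s ->" % rewrite, final_hop(env, deliverable=False))
```

With the original sender kept, the second hop fails SPF and the bounce for an address the sender never wrote to lands at me@example.net; with the forwarder's own address, the check passes and the bounce stays with the forwarder.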

