spf-discuss

Re: Explain please

2005-07-08 06:23:06


David Woodhouse wrote:
On Fri, 2005-07-08 at 07:19 -0500, wayne wrote:

I think, if you dig around in the archive, you will quickly find
people who have said that forwarding w/o rewriting is wrong and
forgery.  I have seen many people saying something along the lines of
"the problem with stopping forgery is that you have to stop *all*
forgery".


Indeed so. I bet if I dig around in Google, I can find people saying
that the earth is flat. Yet I cannot find a reasoned argument for it
which _doesn't_ boil down to the fact that SPF doesn't work with
forwarding.

Wrong - flat-earthers produce long and convoluted arguments to support their belief - in just the same way as you do.

If you want to produce a reasoned argument which explains why forwarding without Sender rewriting is correct, then there will be something to discuss. In the meantime, it is merely your opinion.




I'm not disputing that fact. If your judgement is that SPF is so much
better than all the other schemes which offer to reduce forgery that
it's worth trying to change the entire world's forwarding practice, then
go for it. Try to get your successor to RFC2821 blessed by the end of
the year, perhaps?

But let's not pretend that there was anything fundamentally wrong with
forwarding in the _first_ place.

Yes there was - forwarding without sender-rewriting is forgery. Period.

I do *not* want any mail I originate to be forwarded without the forwarder taking responsibility for his actions and declaring his identity by rewriting the Sender with his own domain name. By originating an e-mail I do *not* implicitly allow anyone to send it on using my domain as the sender.





The fact that domain owners, before things like SPF were created,
didn't have a voice about how they think their domain name should be
used, doesn't mean that they all liked that forwarders could send
email claiming to be from them and didn't consider it to be forgery.


Do you have any examples of this being stated outside the context of
SPF? You're suggesting that people were unhappy about the fact that a
forwarding site could forward a _genuine_ mail?

People were unaware that their mail was being forwarded - so they were unlikely to complain. The reason this is now an issue is because SPF has highlighted the fact that many domain owners are discovering how much mail is forwarded using their domain name without their consent.



Let's not be confused into thinking about the fact that with _some_
forgery-detection techniques, notably SPF, the forwarded genuine mail is
indistinguishable from a faked mail.

A forwarded mail which forges the originator's domain is not distinguishable, but a correctly forwarded mail would be obvious.



 That was the 'technical
incompatibility' which we've already agreed about.






Are you _really_ suggesting that people consider it 'forgery' when a
_genuine_ mail is forwarded to its final destination?

Yes - that IS forgery of the originator's domain.



Do these same
people also object to backup MX, on the same grounds?

No - I have my MX back-up configured to forward correctly, without forging the sender.




Do they also object to the use of their _name_ in From: headers from
mailing lists, etc.? After all, I didn't author the mail you're
receiving -- I would never refer to that pobox.com web site in an email
I compose, and neither did I tell you how to deactivate your
subscription; someone else edited my mail and sent it to you and all the
subscribers. Why do they keep my name on it?

You seem to be confusing mail-lists and forwarding. The two scenarios are *totally* different. When I join a mail-list I am aware of the fact that the headers will be adjusted to suit the mail-list. If I don't like that I can choose to not join the list. That is a totally different thing to a forwarder forging my domain without my knowledge or consent.




Do they also object to the use of their IP address when their packets
are forwarded by routers in the Internet?

You're being fatuous here - we are talking about e-mail forwarding only. Stick to the point.



If your claim is that normal forwarding is inherently 'wrong' for
reasons _other_ than SPF's incompatibility with it, but those other
things are not also 'wrong', then what is the difference?


You have run out of valid arguments now, David. It would be much appreciated if you could come up with something new regarding the forwarding issue, rather than re-hashing old arguments ad nauseam. Basically you are wrong. Forwarding without sender rewriting is forgery and will die in due time.

Slainte
JohnP
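
The distinction argued over in this thread, shown as an added example that is not part of the original message: a simplified SPF check (only `ip4` and `all` mechanisms, records held in a constructed table instead of DNS) applied to direct delivery, forwarding with the envelope sender unchanged, an unrelated host using the same domain, and forwarding with the envelope sender rewritten. All domains, addresses and function names are assumptions made for the illustration, and "sender" here means the envelope MAIL FROM address that SPF evaluates.

```python
import ipaddress

# Constructed SPF records (stand-in for DNS TXT lookups); domains and
# addresses are documentation-range placeholders, not from the thread.
SPF_RECORDS = {
    "origin.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.7 -all",
}

def check_spf(client_ip, mail_from):
    """Evaluate a simplified SPF policy (ip4 and all mechanisms only)
    for the domain of the envelope sender (MAIL FROM)."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return results[qualifier]
        if mech.startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return results[qualifier]
    return "neutral"

def scenarios():
    """SPF result seen by the final recipient in each delivery path."""
    sender = "alice@origin.example"
    return {
        # Direct delivery from the originator's own server.
        "direct": check_spf("192.0.2.10", sender),
        # Forwarder relays with the envelope sender left unchanged.
        "forward_unrewritten": check_spf("198.51.100.7", sender),
        # Unrelated host using the originator's domain.
        "forged": check_spf("203.0.113.99", sender),
        # Forwarder rewrites the envelope sender to its own domain.
        "forward_rewritten": check_spf("198.51.100.7",
                                       "fwd-alice@forwarder.example"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20} {result}")
```

The unrewritten forward and the unrelated host both produce `fail`, while the rewritten forward is evaluated against the forwarder's own record.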

