Jon Kyme wrote:
But of course, these source routes MUST NOT be truly *explicit* - or a new
channel for abuse is opened up - the "bounce path".
I found an example about these source routes in RFC2821, Page 75:
Step 2 -- Relay Host to Destination Host
S: 220 xyz.com Simple Mail Transfer Service Ready
C: EHLO foo.com
S: 250 xyz.com is on the air
C: MAIL FROM:<AT foo.com:jpq AT bar.com>
S: 250 OK
C: RCPT TO:<jones AT xyz.com>
S: 250 OK
C: DATA
If the SMTP client IP is designated by 'foo.com' than the session is
verified, mail is acceptable by 'xyz.com'. (And of course it can be spam
but 'foo.com' is accountable for it.)
Can You explain where is the new "bounce path"?
Without a
complementary, and secure, Sender Rewriting Scheme (or something), I can't
see that a system like SPF is much use in the real world.
For me SRS is too complicated. But i am not an expert so it means nothing.
z2
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg