On Wed, 2004-07-28 at 10:11, Andrew Newton wrote:
On Jul 28, 2004, at 12:11 PM, Ryan Ordway wrote:
fleeblebur.org, let's say, has 3 MX hosts,
ralph.fleeblebur.org with a priority of 0, fred.fleeblebur.org and
bob.fleeblebur.org both with a priority of 10. ralph
may have a valid user list, being the primary MX host
which will handle the majority of mail. fred and bob
may not, being simply configured to spool mail until
ralph is back online.
In this scenario, now that a given message is
coming from trusted hosts, will Sender-ID be effective?
Are you saying that ralph cannot trust the data coming from fred and
bob? If so, then there is a larger problem here.
Only that messages are stored and then forwarded.
CSV could help this, but its utility here is allowing ralph to convert
its IP-based whitelist to a domain-based whitelist. I assume that CSV
is being designed for inter-domain MTA authentication/authorization
because intra-domain problems can be solved in other ways (some that
need no standards work and others that are already standardized).
Although CSV could help make these intra-domain configurations safer,
the problem was about how a resulting bounce is handled. Remember,
Sender-ID ignores the RFC 2821 MAIL FROM. The defense against the
bounce that once justified publishing these records has been removed by
the PRA algorithm.
Regardless, what is stopping ralph, fred, and bob from doing Sender-ID
or SPF checks?
If these checks are not done as messages are received, or where the
sender is spoofing a domain with an open list or no records, then even
with the checks, the mail is accepted and then bounced.
-Doug