<snip>
1) When SPF is deployed and used the line between forgeries and
legitimate will be much sharper.
2) In the corporate world, I am actually going to be able to deploy
SPF based on the argument that my MAIL FROM: will not be able to be
forged.
3) Which in turn makes all MY email legitimate. This means if anyone
sends with my domain from a source outside of my defined range, you can
identify as a forgery.
The point is that you _cannot_ reliably identify it as a
forgery unless you're willing to redefine your meaning of
'forgery' for the purpose; in particular you'd have to
redefine your meaning of 'forgery' to include a lot of mail
which a lot of people consider perfectly valid and normal.
Consider the case where you send mail to a user at one of my
virtual domains, and my mail hosts forward it on to the final
recipient. Some definitions of 'forgery' may include the mail
which my mail host sends on... but my definition does not.
In this case it is not my MTA or your MTA that has an issue but one of
the MTAs that you forward to.
At this point it has less to do with an issue of my SPF record than it is
your issue between your MTAs.
If the receiving MTA does an SPF check, then the MTA that the message is
forwarded to should trust the originating MTA shouldn't it?
If the receiving MTA does not trust the sending MTA in your example,
then why would you allow it to forward through it? Isn't this the same
as an open-relay?
My internal systems that my gateway systems forward to will not be
doing SPF checks, that is what my gateways are for.
Sounds like an administrative issue that can be resolved.
<snip>
Regards,
Damon Sauer
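
The forwarding case argued over in this thread, as an added example that is not part of the original message: the same MAIL FROM is evaluated at the forwarding host, at the final MTA, and at a final MTA that trusts the forwarder as a relay. The domain `sender.example`, the addresses, and the function names are constructed for illustration, and the evaluator handles only the `ip4`, `ip6` and `all` mechanisms.

```python
import ipaddress

# Constructed sample data: documentation address ranges, hypothetical domain.
SPF_RECORDS = {"sender.example": "v=spf1 ip4:192.0.2.0/24 -all"}
ORIGIN_MTA = "192.0.2.10"      # inside sender.example's published range
FORWARDER = "198.51.100.5"     # virtual-domain host that forwards the mail on

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(client_ip, mail_from_domain, records=SPF_RECORDS):
    """Evaluate only the ip4/ip6/all mechanisms of an SPF record."""
    record = records.get(mail_from_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):  # other mechanisms are skipped here
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def check_at_hop(client_ip, mail_from_domain, trusted_relays=()):
    """A receiving MTA's decision; relays it trusts are not SPF-checked."""
    if client_ip in trusted_relays:
        return "skipped-trusted-relay"
    return spf_check(client_ip, mail_from_domain)

def trace():
    """Same message, MAIL FROM unchanged, evaluated at each hop."""
    return {
        "gateway sees origin": check_at_hop(ORIGIN_MTA, "sender.example"),
        "final MTA sees forwarder": check_at_hop(FORWARDER, "sender.example"),
        "final MTA trusts forwarder": check_at_hop(
            FORWARDER, "sender.example", trusted_relays={FORWARDER}),
    }

if __name__ == "__main__":
    for hop, result in trace().items():
        print(f"{hop}: {result}")
```

The middle case is the one the quoted reply objects to; the last case is the gateway arrangement described in the answer, where only the first receiving hop performs the check.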