ietf-mxcomp

Re: SPF abused by spammers

2004-09-13 08:35:07

On Mon, 13 Sep 2004, Alan DeKok wrote:

  e.g. an SMTP server sees "MAIL FROM: user@example.com".

  I have no idea how that server could use that data to determine that
any previous hops existed.  Therefore, for the purposes of MAIL FROM
authentication via records in DNS, those previous hops do not exist.

  Can you, or Doug explain how the previous hops are relevant to MAIL
FROM authentication via records in DNS?  While I understand Doug is
trying, all I've gleaned from his responses has been that "mail is
multi-hop".  This may be an attempt to say "a message must pass all
MAIL FROM checks in all hops", but I haven't seen that stated
anywhere, as it seems fairly obvious.

What Doug means is that email can legitimately come to my servers from
an IP address that is not anticipated by example.com because there was an
extra hop in its journey: user@example.com sent the message to
recipient@alumni.example.edu which forwarded it to
recipient@example.cam.ac.uk. Therefore example.com can't correctly say
that my servers will only receive email with an example.com bounce address
from their outgoing email servers, because as you say I have no way of
knowing about the message's previous hops, and example.com has no way of
knowing about recipients' forwarding arrangements.

I cannot work around this problem: I have no reasonable way of knowing
that this forwarding relationship exists, or if I do know about it I have
no reasonable way of maintaining a list of example.edu's outgoing email
servers in order to whitelist them.

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
NORTH FITZROY SOLE LUNDY FASTNET IRISH SEA: WEST OR SOUTHWEST 6 TO GALE 8,
PERHAPS SEVERE GALE 9, VEERING NORTHWEST 5 TO 7. SHOWERS. MAINLY GOOD.

