On Tue, 30 Nov 2004, Alex van den Bogaerdt wrote:
On Tue, Nov 30, 2004 at 10:43:40AM +0000, Tony Finch wrote:
After further deliberation about source routing and SPF, I have come
around to the conclusion that Frank is to some degree right, and if
you want to use SPF/Sender-ID, you should use source routes.
Source routes require all mail servers to be open relays.
Why?
Source routes don't record the relationship between a(_at_)a, b(_at_)b, and
c(_at_)c(_dot_) In
your scenario the message to c(_at_)c would start MAIL FROM:<@b:a(_at_)a>. A
spammer
who knows that b is a forwarding host can then spam anyone by sending MAIL
FROM:<> RCPT TO:<@b:victim(_at_)target>.
This is why SRS has all the cryptography, in order to provide a secure
replacement for the obsolete and unimplemented RFC821 forward and reverse
paths.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
MALIN HEBRIDES: NORTHEAST 4 OR 5 INCREASING 6. RAIN LATER. GOOD BECOMING
MODERATE.