Alan DeKok wrote:
Much of the confusion around these discussions has been a
result of the terms being overloaded, and the participants
not qualifying the context in which they use the terms.
Yes, but in essence it's still "simple", and claims that SPF
"breaks forwarding" are an over-simplification, like your
statement "when the MX has the mail it's delivered".
My point is that it can be "forwarded" behind this MX without
"breaking". Only in one special case the receiver would be
in trouble, if he arranges his "delivery" in a way including
an SPF-test behind the first MX.
Once the MX for your domain gets the message, any final steps
to get it to your physical mailbox is *internal* to your site
Even in that simple and normal case I have a chance to get it
wrong, secondary MX forwards to primary MX, primary MX tests
SPF, FAIL => your sender policy does of course not permit the
IP of my secondary MX, I forgot to white list this beast.
That's not necessarily "internal", but it's certainly my fault.
You'll get a bounce, and maybe you inform my postmaster@ that I
screwed up. No real problem, shit happens, I'd simply fix it.
BTW, in practice I had this problem only once since April 2004,
apparently receivers testing SPF normally get it right. After
all it's no rocket science, "test a.s.a.p. or don't test it".
It is _not_ the historical approach, that's only a legend of
the "bounces-to" camp.
<shrug> For me, it's all "he said, she said".
The "he" was Jon Postel in STD 10, the "she" are later texts.
And "her" claim is that "MAIL FROM" was an error and actually
means "BOUNCES TO" - "history" as you find it in Orwell's 1984.
The MAIL FROM _semantics_ is as it always was since STD 10.
And SPF simply uses it to fix this security loophole in SMTP
today, for those who want it.
And there's the sticking point: "those who want it".
It's about consent. Two adults consenting to do stupid
things is not something anyone can control or prevent. Yet
there's been significant effort in the SMTP community to do
just that.
"Philosophical discussions" about design flaws 16 years after
the fact are difficult - with Wayne's time machine I wouldn't
go back to 2003, but jump directly on the desktop of the 1123
editors. With a loaded gun... ;-)
Bye, Frank