Re: 551: Do MTAs try forward-path???

2004-03-31 08:00:08
On Wed, 31 Mar 2004 04:33:05 PST, "Martin R. Garcia" <martindhx(_at_)yahoo(_dot_)com> said:

About the 551 reply code:

"...The receiver refuses to accept mail for this user,
and the sender must either redirect the mail according
to the information provided or return an error
response to the originating user..." (rfc821)

Which should be the correct action to take as a

What's happening "today" on the Internet??? Is there a
"general behaviour"??? Do MTAs go for a redirection or
they choose to return an error response???

Has anybody actually seen this "in the wild"?  I can't recall ever having seen
one of these....

It *may* make sense to revive this - it would be at least partial mitigation of
the b0rkage that things like SPF render unto forwarded mail (as the sending
site can retry the mail directly, and the "MTA validation" will then be looking
at the original site and original MAIL FROM, rather than the SPF-ish b0rkage of
forwarding site and original MAIL FROM).

We should either deprecate it or add language about the various information
leakage and similar concerns noted by others.

In particular, "never use this info unless the destination MTA is authenticated"
(i.e. so a spoofed MX doesn't let you forward somebody's mail w/o their OK).
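
Added example, not part of the original message and not taken from any MTA's code: a sending-side policy sketch for the two actions RFC 821 allows on a 551 (redirect or return an error), with the redirect gated on the destination MTA being authenticated as suggested above. The function names and the `peer_authenticated` flag are hypothetical; how the caller authenticates the peer (for instance a verified TLS certificate for the MX host) is an assumption outside this sketch.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A plain "<local@domain>" forward-path. Source routes and anything
# else unusual are deliberately not matched, so they end in a bounce.
_FORWARD_PATH = re.compile(r"<([^<>\s@]+@[A-Za-z0-9.-]+)>")


@dataclass
class Decision:
    action: str                    # "redirect" or "bounce"
    forward_path: Optional[str]    # set only when action == "redirect"
    reason: str


def parse_551(reply_lines: List[str]) -> Optional[str]:
    """Return the forward-path from a (possibly multi-line) 551 reply."""
    text = []
    for line in reply_lines:
        # "551-" marks a continuation line, "551 " the final line.
        if not re.match(r"551[ -]", line):
            return None
        text.append(line[4:])
    match = _FORWARD_PATH.search(" ".join(text))
    return match.group(1) if match else None


def handle_551(reply_lines: List[str], peer_authenticated: bool) -> Decision:
    """Choose between redirecting and returning an error to the originator."""
    path = parse_551(reply_lines)
    if path is None:
        return Decision("bounce", None, "no usable forward-path in reply")
    if not peer_authenticated:
        # An unauthenticated (possibly spoofed) MX must not be able to
        # steer mail to an address of its choosing.
        return Decision("bounce", None, "destination MTA not authenticated")
    return Decision("redirect", path, "forward-path from authenticated MTA")


if __name__ == "__main__":
    # Constructed sample reply, not captured traffic.
    sample = ["551 User not local; please try <bob@new.example.net>"]
    print(handle_551(sample, peer_authenticated=True))
    print(handle_551(sample, peer_authenticated=False))
```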

