spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: is sender rewriting really necessary?

2003-10-06 12:02:48
from [Ted Cabeen] [Permanent Link] 
Meng Weng Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:

The pobox.com customer complains to HP and to Pobox.com saying because
of SPF he's not getting mail.

Tally:

    ISP        # of complaints
    --------------------------
    ipns.com        1
    hp.com          1
    pobox.com       2

Scenario 1:

 IPNS says, oh, sorry, we'll stop publishing SPF.
 HP says, oh, sorry, we'll stop doing SPF checks.

 Pobox says, thanks, guys, how nice of you.

Scenario 2:

 IPNS says, sorry, we have to do this to protect our name.
 HP says, sorry, we have to do this because spam sucks.

 Pobox says, I guess we just have to deal.

Which scenario is more likely?


There's also scenario 3, where HP whitelists pobox.com, allowing this
kind of forwarding from any IP that forward and back DNS verifies as a
subdomain of pobox.com.  We could even create DNS-based whitelists
that reject forwarded mail from a domain unless it shows up in such a
whitelist.

Quick note:  I think that SPF also breaks /etc/aliases mailing lists
as well.  Are people who have simple lists like this also going to
have to move to something larger with sender-address rewriting?


Now the question is, how will pobox deal: with sender rewriting or
something else?  And if it's something else, we need to come up with it
fast.


Would something like a identd for mail work?  When a mail is received,
you connect to the DNS-identified server of the sender, submit a
messageid and a sender, and get a response as to whether that message
id was sent by that sender?

-- 
Ted Cabeen           http://www.pobox.com/~secabeen            
ted(_at_)impulse(_dot_)net 
Check Website or Keyserver for PGP/GPG Key BA0349D2         
secabeen(_at_)pobox(_dot_)com
"I have taken all knowledge to be my province." -F. Bacon  
secabeen(_at_)cabeen(_dot_)org
"Human kind cannot bear very much reality."-T.S.Eliot        
cabeen(_at_)netcom(_dot_)com

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: is sender rewriting really necessary?, David Saez
Next by Date:  Re: is there a better solution than sender rewriting?, Tim Wilde
Previous by Thread:  Re: is sender rewriting really necessary?, David Saez
Next by Thread:  going by message-id, Meng Weng Wong
Indexes:  [Date] [Thread] [Top] [All Lists]