Meng Weng Wong wrote:
> Sender rewriting sucks. If there's a better solution, I'm all for it.
I assume that most of your difficulties stem from the forwarding problem.
I have a few forwarder accounts on my own system for some of my friends.
They will eventually have problems getting mail, since 65.64.162.194 is not
a valid sender for all of the domains which mail them.
Since SPF is something that involves changes on the receiving end and not
the forwarder, why not specify something that should be installed at the
same time? That is, when you install SPF, you'd better give your users
some way to whitelist specific recipient e-mail addresses, or it's not
going to work.
Here's the idea. First, some background:
- The account on my server is friend(_at_)example(_dot_)exploits(_dot_)org
- It currently forwards to friend(_at_)isp(_dot_)example(_dot_)com
For my case, he could just whitelist the IP address of my server. It's a
hack, but it would work, since this is the only box who would ever mail
him, and nobody on my system is going to spam him.
I realize there are many cases where this won't work, whether for
technical reasons or ideological ones. Maybe you don't like whitelisting
entire hosts, or you don't want everyone on those hosts to be able to mail
you. For this, you do something different.
Instead of forwarding to friend(_at_)isp(_dot_)example(_dot_)com, I set it to
forward to friend-secret(_at_)isp(_dot_)example(_dot_)com or
friend+secret(_at_)isp(_dot_)example(_dot_)com (depending on the MTA involved),
or maybe some third account which is aliased to
him. He then whitelists that specific envelope recipient, and his ISP
will disregard the SPF mismatch when mail arrives for it.
Yes, someone could mail that and spam him, but that's why it's called a
secret. It would have to be leaked by me or by him first. I suppose it
could show up in the mail headers, and someone could see it if he ever
showed someone a complete raw message.
I realize this means changing the mail software at the recipient, but
you're having to do that anyway to add SPF. Nothing changes on the
forwarding/sending hosts, which means you don't need any rewriting hacks,
and they don't need any new software.
I welcome comments. Feel free to rip this apart if you spot a hole.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
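The receiving-side check proposed in this message, sketched as an added example (not code from the post or from any SPF implementation). It assumes the SPF result is computed elsewhere and that only a `fail` result is rejected; the policy table, the function names and the 192.0.2.10 address used to exercise it are hypothetical.

```python
import hmac
import ipaddress

# Constructed per-mailbox exemptions (hypothetical structure, not a real MTA config).
POLICY = {
    "friend@isp.example.com": {
        "forwarders": ["65.64.162.194/32"],  # option 1: the forwarding host's IP
        "secret_tags": ["secret"],           # option 2: friend+secret / friend-secret
    },
}
DELIMITERS = "+-"  # which one applies depends on the MTA


def resolve(rcpt):
    """Map an envelope recipient to (known mailbox, tag); (None, None) if unknown."""
    local, _, domain = rcpt.rpartition("@")
    domain = domain.lower()
    if f"{local.lower()}@{domain}" in POLICY:
        return f"{local.lower()}@{domain}", None
    # Only split where the left part is a real mailbox, so a local part that
    # merely contains a hyphen is not mistaken for a tagged address.
    for i, ch in enumerate(local):
        base = f"{local[:i].lower()}@{domain}"
        if i > 0 and ch in DELIMITERS and base in POLICY:
            return base, local[i + 1:]
    return None, None


def decide(client_ip, rcpt_to, spf_result):
    """Return (action, reason) for one RCPT TO; spf_result comes from the SPF checker."""
    mailbox, tag = resolve(rcpt_to)
    if mailbox is None:
        return "reject", "unknown recipient"
    if spf_result != "fail":  # assumption: only a hard fail is rejected
        return "accept", "spf " + spf_result
    rules = POLICY[mailbox]
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in rules["forwarders"]):
        return "accept", "whitelisted forwarder"
    # Constant-time compare: the tag is a shared secret, so avoid a timing oracle.
    if tag is not None and any(
        hmac.compare_digest(tag.encode(), s.encode()) for s in rules["secret_tags"]
    ):
        return "accept", "whitelisted recipient"
    return "reject", "spf fail"
```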