spf-discuss

Re: The .forward problem

2003-10-07 11:06:11
On Tue, Oct 07, 2003 at 01:10:26PM -0400, Meng Weng Wong wrote:

Right now I'm worrying over the .forward problem.

  1) SRS: change the envelope sender.
  2) per-recipient custom whitelisting.
  3) change SMTP, introducing a COOKIE as Saez has suggested.

        I'm in favor of per-recipient custom whitelisting.  (I need to
think more about 1 and 3, as they seem complicated.)  It looks like
the solutions are not mutually exclusive, so more than one could be
used.

        I might have some further improvements on the idea of
per-recipient custom whitelisting:

Solution 2: per-recipient custom whitelisting.

  This assumes pobox.com publishes SPF.  If pobox.com does not
  publish SPF, HP's MTA would return "unknown" and it would have to
  accept the mail.

        If pobox.com does not publish SPF, couldn't HP's MTA fall back
on pobox.com's MX records?  For example: HP's MTA knows that
gamma(_at_)hp(_dot_)com receives forwarding from pobox.com, HP's MTA looks up
pobox.com's SPF records (which do not exist), so HP's MTA looks up
pobox.com's MX records and uses them as a stand-in for the SPF records.
Hopefully, the pobox.com MTA has an MX record.  In the case of
.forward files, I think it usually will.  This isn't perfect.  But it
might help in many cases.
        But I may be wrong about this: how many MTAs have multiple IP
addresses and use non-MXed IP addresses to send outgoing mail?  I do
not know how common this is.

                      Evaluation of Solutions
  
1) pobox.com's MTA has to change: it has to do SRS.

2) hp.com's MTA has to change: per-user whitelisting is rare and
   cutting-edge.  To my knowledge only Colander supports it.

        I believe per-user whitelisting can be done using courier-mta
and maildrop.  (Or courier-mta + any appropriate filter, but maildrop
sprang to mind.)

        But does the whitelisting really need to be done "on the wire"
during the SMTP transaction?  Couldn't it be done later inside some
filter?  The SPF layer could then just add headers that the filter
could look at to evaluate the credibility of the message.

        -Matthew.
______________________________________________________________________
                                                      
matthew(_at_)syrah(_dot_)us

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
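
An added example, not part of the original message or of any SPF implementation: a sketch of per-recipient forwarder whitelisting with the MX fallback discussed above, including the case where a forwarder sends from a host that is not one of its MXes. The domain names, addresses, in-memory DNS table and the simplified handling of only `ip4:` terms are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed DNS data (documentation address ranges, hypothetical names).
DNS = {
    "forwarder-with-spf.example": {
        "TXT": ["v=spf1 ip4:192.0.2.0/28 -all"],
        "MX": ["mx.forwarder-with-spf.example"],
    },
    "forwarder-no-spf.example": {
        "TXT": [],
        "MX": ["mx1.forwarder-no-spf.example"],
    },
    "mx.forwarder-with-spf.example": {"A": ["192.0.2.1"]},
    "mx1.forwarder-no-spf.example": {"A": ["198.51.100.10"]},
}

# Per-recipient whitelist: forwarding domains each local user receives mail through.
FORWARDERS = {
    "gamma@hp.example": ["forwarder-with-spf.example", "forwarder-no-spf.example"],
}


def permitted_networks(domain, dns=DNS):
    """Return (source, networks) for a forwarder: SPF ip4 terms, else its MX hosts."""
    rec = dns.get(domain, {})
    for txt in rec.get("TXT", []):
        if txt.startswith("v=spf1"):
            nets = [ipaddress.ip_network(t[4:]) for t in txt.split()
                    if t.startswith("ip4:")]
            return "spf", nets
    # No SPF published: use the A records of the MX hosts as a stand-in.
    nets = [ipaddress.ip_network(a) for mx in rec.get("MX", [])
            for a in dns.get(mx, {}).get("A", [])]
    return "mx-fallback", nets


def forwarder_for(recipient, client_ip, dns=DNS, forwarders=FORWARDERS):
    """Return (domain, source) if client_ip belongs to one of the recipient's
    whitelisted forwarders, else None (normal SPF checks on the sender apply)."""
    ip = ipaddress.ip_address(client_ip)
    for domain in forwarders.get(recipient, []):
        source, nets = permitted_networks(domain, dns)
        if any(ip in net for net in nets):
            return domain, source
    return None
```

A `None` result for a client such as 198.51.100.11 is the limitation raised in the message: an outbound host that is not listed as an MX is not recognised by the fallback.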