spf-discuss
[Top] [All Lists]

Re: The .forward problem

2003-10-10 12:49:00
In <20031007171026(_dot_)GI2345(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng 
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:

  1) SRS: change the envelope sender.  
  2) per-recipient custom whitelisting.
  3) change SMTP, introducing a COOKIE as Saez has suggested.

I've been thinking about this for a while.

Unless I'm missing something, these solutions are not mutualy
exlusive.

I think it is inevitable that those domains that use SPF (or similar
systems) are going to be the ones that will have to implement a
solution.

So, in the case of alpha(_at_)yahoo(_dot_)com -> beta(_at_)pobox(_dot_)com ->
gamma(_at_)hp(_dot_)com, we have:

If hp.com wants to check SPF systems *and* is willing to accept email
that has been forwarded, it *MUST* do some sort of whitelisting.
pobox.com, after all, may not want to do anything.  This same thing is
going to turn up for many mailing lists that do not put their own
domain in the envelope-from, but instead put the email address of the
person posting to the mailing list.

I don't see much way around this.


If pobox.com wants to allow forwarding of email through their system
or run a mailing list, they *SHOULD* implment SRS, whether or not they
implement SPF.


-wayne

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡