In <x4r81kho0j(_dot_)fsf(_at_)footbone(_dot_)midwestcs(_dot_)com> wayne
<wayne(_at_)midwestcs(_dot_)com> writes:
In <20031007171026(_dot_)GI2345(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
1) SRS: change the envelope sender.
2) per-recipient custom whitelisting.
3) change SMTP, introducing a COOKIE as Saez has suggested.
I think it is inevitable that those domains that use SPF (or similar
systems) are going to be the ones that will have to implement a
solution.
So, in the case of alpha(_at_)yahoo(_dot_)com -> beta(_at_)pobox(_dot_)com ->
gamma(_at_)hp(_dot_)com, we have:
[ ... ]
If pobox.com wants to allow forwarding of email through their system
or run a mailing list, they *SHOULD* implment SRS, whether or not they
implement SPF.
I need to add to this.
If pobox.com uses SPF and it allows forwarding email through their
system, then it *MUST* also use SRS. This is so that the next hop
can correctly verify the envelope-from.
So, systems that use SPF, *MUST* do both SRS and whitelisting for
those systems that don't do SRS or have "bad" mailing list software.
Systems that do fowarding *SHOULD* do SRS, but are not required to.
Similarly, systems that run mailing lists *SHOULD* put their email
address in the envelope-from rather than use the email address of the
poster. Any mailing list software that doesn't do this already will
cause bounces to be sent to the poster, which is really annoying.
-wayne
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡