spf-discuss

Global whitelist: wl.trusted-forwarder.org (was: The .forward problem)

2003-10-11 11:10:48
In <x4r81kho0j(_dot_)fsf(_at_)footbone(_dot_)midwestcs(_dot_)com> wayne 
<wayne(_at_)midwestcs(_dot_)com> writes:

In <20031007171026(_dot_)GI2345(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng 
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:

  2) per-recipient custom whitelisting.

I think it is inevitable that those domains that use SPF (or similar
systems) are going to be the ones that will have to implement a
solution.

If hp.com wants to check SPF systems *and* is willing to accept email
that has been forwarded, it *MUST* do some sort of whitelisting.
pobox.com, after all, may not want to do anything.  This same thing is
going to turn up for many mailing lists that do not put their own
domain in the envelope-from, but instead put the email address of the
person posting to the mailing list.

I don't see much way around this.


Welp, I've been thinking about this some more.

As I said above, I don't see any way around having some sort of
whitelist of systems that, while they can be trusted to not spew spam,
do not follow the requirements of the SPF system.  Ebay.com is one
such example, but I'm sure there are many more.

Instead of forcing everyone to create a whitelist of such machines
from scratch, I have created a DNS-Whitelist called
wl.trusted-forwarder.org that I hope to maintain a list of systems
that should be whitelisted by almost everyone.

I just created the domain this morning, so it isn't available
everywhere yet.  I have also just added a bunch of eBay's MX servers that
people had mentioned "forged" envelope-froms.


While I certainly don't think this kind of global white list should be
mentioned in the RFC, I do think it is something that many early
adopters will want to use.  I guess the RFC could allude to the
possibility of such global DNS-Whitelists existing, but in theory,
these whitelists should eventually be phased out and until they are
phased out, there may be many people who want to create ones in order
to give different standards of "trust".


Right now, you can only access the wl.trusted-forwarder.org DNSWL by
checking the dns.midwestcs.com name server.  For example:

(wayne(_at_)footbone) $ dig 13.197.135.66.wl.trusted-forwarder.org @dns.midwestcs.com +short
127.0.0.1
(wayne(_at_)footbone) $ host 66.135.197.13
Name: mxpool07.ebay.com
Address: 66.135.197.13

(wayne(_at_)footbone) $



If you think this is a good idea, I need people to post/send me
examples of IP addresses of systems that should be whitelisted.


-wayne

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
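
Added example (not part of the original post and not the list's or the SPF project's code): how a receiving mail server could consult a DNS whitelist such as the one described above before rejecting on an SPF failure. The function names, the "fail" result string, the resolver callback and the second sample record are assumptions made for illustration; only the 66.135.197.13 record comes from the post.

```python
import ipaddress

ZONE = "wl.trusted-forwarder.org"  # zone name taken from the post


def dnswl_name(ip, zone=ZONE):
    """Build the query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listed(ip, resolve, zone=ZONE):
    """True only if the zone answers with an A record inside 127.0.0.0/8.

    Any other answer (for example a lapsed or wildcarded zone returning a
    routable address) counts as "not listed", so a zone that changes hands
    cannot silently whitelist every sender.
    """
    try:
        answers = resolve(dnswl_name(ip, zone))
    except LookupError:  # assumed resolver contract for NXDOMAIN or timeout
        return False
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in loopback for a in answers)


def disposition(client_ip, spf_result, resolve):
    """Consult the whitelist only when SPF alone would reject the message."""
    if spf_result != "fail":  # assumed result string; other results untouched
        return "spf-decides"
    return "accept-whitelisted" if is_listed(client_ip, resolve) else "reject"


# Constructed stand-in for a DNS lookup so the example runs offline.
# The first record is the one shown in the post; the second is made up to
# model a zone that answers with a non-loopback address.
SAMPLE_ZONE = {
    "13.197.135.66.wl.trusted-forwarder.org": ["127.0.0.1"],
    "7.113.0.203.wl.trusted-forwarder.org": ["198.51.100.9"],
}


def sample_resolve(name):
    if name not in SAMPLE_ZONE:
        raise LookupError(name)
    return SAMPLE_ZONE[name]


if __name__ == "__main__":
    for ip in ("66.135.197.13", "203.0.113.7", "192.0.2.1"):
        print(ip, disposition(ip, "fail", sample_resolve))
```

In a real deployment the resolve callback would wrap the server's DNS library, and a lookup failure would fall back to the plain SPF result, as it does here.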