spf-discuss

RE: .forward issues

2003-10-21 12:16:53
Izzy Kindred wrote:
      The message now arrives at b.com, and is forwarded as follows:

------
Return-Path: b(_at_)b(_dot_)com (or should this be bounce-manager(_at_)b(_dot_)com?)
From: a(_at_)a(_dot_)com
To: c(_at_)c(_dot_)com
Spf-Forward: <forward-count> b(_at_)b(_dot_)com c(_at_)c(_dot_)com <hmac-sha1 hash>
------

I'd go with mailer-daemon (the server itself) or another bounce-manager
address, because b(_at_)b(_dot_)com isn't really the entity sending the new
message, the server is.  Therefore the server's address should be used
as the return-path.

      <forward-count> is a counter that increments for each
Spf-Forward header that is added.  That way, they can be backtraced in
the proper order.

      If the message bounces at c.com's server, it would go back to
b.com's server, which could then look at the header, validate the
hmac-sha1 hash, and bounce the message back to a.com's server.

That's exactly what I was thinking.  I like the idea of adding the hash
in the header entry to help prevent spammers from creating false
bounces.

---
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.
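
As an added example (not part of the original message or of the SPF draft), here is one way b.com's server could generate the proposed Spf-Forward header and check it when a bounce comes back. Assumptions, since the thread does not specify them: the key is a secret held only by the forwarding server, and the HMAC covers the forward count and both addresses.

```python
import hashlib
import hmac

# Assumption: secret known only to the forwarding server (b.com); constructed value.
SERVER_KEY = b"constructed-demo-key"


def _mac(key, count, forwarder, target):
    # Length-prefix each field so field boundaries cannot be shifted to make
    # two different (count, forwarder, target) triples hash the same input.
    fields = (str(count).encode(), forwarder.encode(), target.encode())
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha1).hexdigest()


def make_spf_forward(key, count, forwarder, target):
    """Header value: <forward-count> <forwarder> <target> <hmac-sha1 hash>."""
    return f"{count} {forwarder} {target} {_mac(key, count, forwarder, target)}"


def validate_spf_forward(key, value):
    """Return (count, forwarder, target) if the hash verifies, else None."""
    parts = value.split()
    if len(parts) != 4:
        return None
    raw_count, forwarder, target, tag = parts
    # Reject non-ASCII or absurdly long counters before converting.
    if not (raw_count.isascii() and raw_count.isdigit() and len(raw_count) <= 4):
        return None
    count = int(raw_count)
    expected = _mac(key, count, forwarder, target)
    # Constant-time comparison: do not leak how much of the tag matched.
    if not hmac.compare_digest(expected.encode(), tag.lower().encode()):
        return None
    return count, forwarder, target


if __name__ == "__main__":
    # Constructed sample: b.com forwards a message for b@b.com on to c@c.com.
    hdr = make_spf_forward(SERVER_KEY, 1, "b@b.com", "c@c.com")
    print("Spf-Forward:", hdr)
    print("genuine bounce:", validate_spf_forward(SERVER_KEY, hdr))
    # A bounce whose header was not produced by this server fails the check.
    altered = hdr.replace("c@c.com", "x@example.org")
    print("altered header:", validate_spf_forward(SERVER_KEY, altered))
```
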
