On Tue, Oct 21, 2003 at 12:08:54AM +0100, Roy Badami wrote:
* a clear statement that it is the responsibility of the _receiving_
party to solve this problem, eg by whitelisting, or by ensuring that
the forwarders all comply with SRS or something similar, before
deploying SPF checks (see also my comment on sunrise).
I disagree; it is the responsibility of the party forwarding the message
only to do so in ways which respect the wishes of the originator. If the
originator indicates (by not including the forwarder as an allowed sender
in their SPF records), then the forwarder should not be sending messages
claiming that origin.
Put another way, if I publish (correct) SPF records for my domain, and
then send a message to A, who forwards to B, who then applies SPF
checks and bounces the mail, it should be clear from the spec that
it's B that's at fault, and not me.
No. A is at fault. A is forging their outgoing messages to make it appear
that they originate from you, when in fact they do not.
Publishing SPF records mustn't
carry with it a responsibility not to send mail to mail forwarding
accounts, since that's clearly unworkable (and will act as a
disincentive to publish the records).
It can't; really there is no responsibility attached to publishing SPF
records. All you are doing is providing information which receivers may
or may not choose to use. If you then choose to send mail that is likely
to be dropped by those who choose to use that information, it's your problem
rather than theirs. This implies that your responsibility is likewise only
to you (well, and your users, but there's nothing new there).
That's a feature, btw. ;-)
Cheers,
Nick
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡