OK, we need to get the basics cleared up first, then.
Can we assume that the MTA is performing SPF checks while the SMTP connection is still up?
Either way, it doesn't matter. It can be done while the SMTP connection is still open, or SPF can do it after the SMTP connection has closed; my point remains valid:

The MTA that is receiving a message via SMTP knows one thing for a fact: it knows the IP address at the other end of the SMTP connection. For now let's just assume it is 130.64.64.129.
(Verification Method 1 - Unspoofable information. IP address of last relay)
If it were safe to assume that 130.64.64.129 will only pass along messages that are already verified, then your authentication is already finished.
This concept is the basis for Certificate Authority based verification schemes.
If you don't want to use a CA based authentication scheme, there is only one alternative:
(Verification Method 2 - Spoof detection)
After the relay opens the SMTP connection, the relay says something that could only be said by the real sender, and you must verify it.
For example, let's suppose the relay submits an email that claims to be from joe@joe.com, and let's suppose that message had a signature in it. If you (the receiver's MTA) could compare that signature against a known-good signature for joe@joe.com, then you could assume the message really came from joe@joe.com. (Provided that spoofers cannot forge the signature, as is the case with encrypted private keys.) Unfortunately encryption is illegal for about 1/3 of the world's population.

Another type of unforgeable signature that isn't encrypted is the type I use in MVP.
Now on to SPF --
First, just accept it that email will be passed along by relays. (Somebody earlier said message delivery is usually direct, and I'm just defying that by saying message delivery is not often direct. It is done by relays.)

Second, let me make this assumption: if joe@joe.com sends a message to mary@mary.com, then it should say it's from joe@joe.com. In other words, I am saying that relays should not change the email address of the sender. If relays were to change the sender's address, then Mary will have no idea who sent it, because the path from joe to mary is not guaranteed. Especially if they travel.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.3.txt
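The post's "Verification Method 1" rests on the one fact the receiving MTA cannot be lied to about, the connecting IP, and SPF turns that fact into a pass/fail decision against the MAIL FROM domain's published policy. The added example below (not from the post, the list, or any SPF implementation) evaluates that check offline: the SPF records, domain names, and addresses are constructed stand-ins for DNS TXT lookups, and only `ip4` mechanisms and `all` are handled, since `a`, `mx`, and `include` would need live DNS. It also shows the relay case the post raises: a message forwarded unchanged by a host outside joe.com's record fails.

```python
import ipaddress

# Constructed SPF records standing in for DNS TXT lookups (hypothetical domains).
SPF_RECORDS = {
    "joe.com": "v=spf1 ip4:130.64.64.0/24 ip4:192.0.2.10 -all",
    "relay.example": "v=spf1 ip4:198.51.100.0/24 -all",
}

# SPF qualifier prefix -> result name
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Return (mechanisms, default): a list of (result, network) and the 'all' result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms = []
    default = "neutral"  # SPF result when no mechanism matches and there is no 'all'
    for term in terms[1:]:
        qual = "+"  # an unqualified mechanism means pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term.lower() == "all":
            default = QUALIFIERS[qual]
            break  # terms after 'all' are never reached
        if term.lower().startswith("ip4:"):
            # strict=False accepts host bits set (e.g. a bare address with no prefix)
            mechanisms.append((QUALIFIERS[qual], ipaddress.ip_network(term[4:], strict=False)))
        # a, mx, include, exists need DNS and are deliberately omitted here
    return mechanisms, default


def check_spf(client_ip, mail_from):
    """Evaluate the connecting IP against the MAIL FROM domain's policy."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"  # domain publishes no policy; nothing can be concluded
    ip = ipaddress.ip_address(client_ip)
    mechanisms, default = parse_spf(record)
    for result, net in mechanisms:
        if ip.version == net.version and ip in net:
            return result  # first matching mechanism decides
    return default
```

A pass only says the last relay is one joe.com authorized; it says nothing about who wrote the message, which is the gap the post's "Verification Method 2" is about.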