spf-discuss
[Top] [All Lists]

Re: Changing the meaning of "mail from" is stillborn

2004-01-20 10:48:58
On 20 Jan 2004 at 11:12, arnold+spf(_at_)Arnold(_dot_)com wrote:

The mail from address in the (E)SMTP dialogue, sometimes called the
envelope sender, but better described as the envelope return address,
has a defined meaning:  It is the address to which delivery status
notifications are to be sent (or <> if DSNs should not be sent).  Any
attempt to redefine the meaning of the envelope return address as a
sender, where it conflicts with the current meaning, is doomed.  User
agents and MTA will simply not be rewritten to use the new meaning, no
matter how well-intentioned.

I don't think SPF is attempting to redefine the meaning of the
Return-Path. If you read carefully:

 http://spf.pobox.com/srs.html

you will see that this only applies to email forwarding servers. You
don't even need to bother with the Sender Rewriting Scheme if you your
emails are handed over directly to your final destination mail-server.
Even on mail-forwarding servers, the meaning of this header is still
present: This is the address to return the email, in case there is
any trouble.

The problem here lies in the fact that the autentication is done based
on the MAIL-FROM in the SMTP-dialogue. The domain of this is checked
against the IP of the mail-server trying to send the mail using the
SPF-techniques.

Now imagine your mail-server for @my-domain.com sends email to a
@mail-forwarder.com address, which then forwards your email to some final
destination @final-destination.com. If the MAIL FROM is kept as
@my-domain.com after being forwarded by mail-forwarder.com mail-server,
the recipient would now know that this email has been forwarded (you 
can't trust older Received-lines...) so if SPF is active, it will just
reject the email, since the mail-forwarder.com mail-servers are not 
allowed to send emails using the my-domain.com.

So we rewrite the address so it seems to come from mail-forwarder.com's
domain. But we still want to be able to return the mail to the sender
in case there is any problem (because that's one of the meanings of this
MAIL FROM envelope header anyway), so the rewritten address has to
contain some kind of information about the original sender. The proposed
scheme at the link I mentioned earlier is one way to accomplish this. 

The rewriting and the translation back has to be handled by the 
mail FORWARDING server only, and no place else.

Your ideas are interesting, but they have to be implemented in much more
places (mail client? all MTA?), so I think the chosen rewriting technique
is more pragmatic.


-- 
Ernesto Baschny <ernst(_at_)baschny(_dot_)de>
 http://www.baschny.de - PGP: http://www.baschny.de/pgp.txt
 Sao Paulo/Brasil - Stuttgart/Germany
 Ernst(_at_)IRCnet - ICQ# 2955403

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡