On Sat, Jan 17, 2004 at 11:19:07AM -0600, wayne wrote:
| In <4008F6F4(_dot_)30978(_dot_)9F7CA2A8(_at_)localhost> "John Warren" <John(_at_)wenet(_dot_)tustin(_dot_)ca(_dot_)us> writes:
|
| > I think the "MAIL FROM:" transaction field should contain the
| > authenticated sender address not the field supplied by the user in the
| > "From" header field. The "MAIL FROM:" would then be the same as the
| > "Sender" header field.
|
| It is my understanding that the Sender: header is, unfortunately,
| ambiguous. Its exact definition changed between RFC822 and RFC2822
| and RFC822 used it in two different ways. I forget where I saw this
| discussed, but I remember being pretty well convinced that Sender: is
| not very reliable.
|
| > Who is the true sender of the message? It has to be the authenticated
| > sender not the "From" sender which could be forged even if it is a
| > legal forgery.
|
| A more likely candidate for what you describe would be Resent-From:
| however I think this is not always reliable either.

OK, so where are we with this thread?

I think we agree that a forwarder will have to do some kind of twiddling.

The question is whether you want to twiddle the envelope or the headers.

This is a decision we can still make, but the window of opportunity is
closing fast. So let's go over the pros and cons.

Twiddling the Envelope
  Pros: 1) can reject before DATA, saving bandwidth.
        2) MTAs already capable of filtering on envelope commands,
           can call out to plugins, etc.
        3) rejection can occur on a per-user basis
  Cons: 1) have to do stupid cookie tricks
        2) violate the 64 char localpart limit

Twiddling the Headers
  Pros: 1) don't have to do stupid cookie tricks
  Cons: 1) MTAs have to parse headers
        2) rejection has to occur after ".", at higher bandwidth cost

When using the envelope, we consider only the MAIL FROM return-path.

When using the headers, we would use one of Resent-Sender, Resent-From,
Sender, and From, in that order.

A forwarder would add Resent-Sender.
The envelope sender address would remain unchanged from end to end.

Thoughts?

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
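
The two options weighed in the message above, as an added example that is not part of the original post or of any SPF implementation: the header lookup in the stated order (Resent-Sender, Resent-From, Sender, From), and a length check on a rewritten envelope sender. The cookie format `fwd-<cookie>-<local>=<domain>`, the function names and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

PRECEDENCE = ("Resent-Sender", "Resent-From", "Sender", "From")  # order from the message
MAX_LOCALPART = 64  # SMTP local-part limit the message refers to

# Constructed sample messages (not from the thread).
DIRECT = "From: alice@example.org\nTo: bob@example.net\nSubject: hi\n\nbody\n"
FORWARDED = (
    "Resent-Sender: relay@forwarder.example\n"
    "Sender: owner@lists.example\n"
    "From: alice@example.org\n"
    "To: bob@example.net\n\nbody\n"
)

def responsible_address(raw_message):
    """Return (header, address) from the first header present, in PRECEDENCE order."""
    msg = message_from_string(raw_message)
    for name in PRECEDENCE:
        values = msg.get_all(name) or []
        # Resent-* fields are prepended at each hop, so the topmost one is the latest.
        addrs = [addr for _, addr in getaddresses(values[:1]) if "@" in addr]
        if addrs:
            return name, addrs[0]
    return None, None

def responsible_domain(raw_message):
    """Domain a receiver would check after the end of DATA, or None if no usable header."""
    _, addr = responsible_address(raw_message)
    return addr.rpartition("@")[2].lower() if addr else None

def rewrite_envelope_sender(original, forwarder_domain, cookie):
    """Assumed cookie scheme: fwd-<cookie>-<local>=<domain>@<forwarder_domain>.
    Returns (new_address, fits), where fits is False past MAX_LOCALPART."""
    local, _, domain = original.rpartition("@")
    new_local = f"fwd-{cookie}-{local}={domain}"
    return f"{new_local}@{forwarder_domain}", len(new_local) <= MAX_LOCALPART

if __name__ == "__main__":
    for label, raw in (("direct", DIRECT), ("forwarded", FORWARDED)):
        print(label, responsible_address(raw), responsible_domain(raw))
    print(rewrite_envelope_sender("alice@example.org", "forwarder.example", "9f3c2a1b"))
```

The header path needs the whole header block before it can decide, while the envelope path can decide at MAIL FROM but may produce a local-part that no longer fits.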