spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Using headers instead of SRS

2004-01-21 13:25:26
from [John A. Martin] [Permanent Link] 
"Meng" == Meng Weng Wong
"Re: [spf-discuss] Using headers instead of SRS"
 Tue, 20 Jan 2004 22:28:10 -0500


    Meng> To make myself clear, we're talking about changing the
    Meng> subject of authentication from MAIL FROM envelope sender to
    Meng> header Sender.

    Meng> This brings a number of benefits, including this one:
    Meng> postfix-users got rather riled about changing the
    Meng> return-path, and this lets us keep them happy.

    Meng> This is not as major a change as it might seem. 

If one is opposed on principle to content filtering (aka censorship)
then this is a profound change.  Now the Sender, tomorrow the
Subject....

Apart from that, ISTM that the prime directive of mail, or at least
one of the prime directives, is in rfc2821 Section 6.1.  Sending a
"250 OK" in response to DATA creates a commitment that SPF _on the
envelope_ would help a receiver-SMTP avoid intelligently.

    Meng> In almost every case I've seen so far, Sender: matches the
    Meng> return-path, and when Sender: is not present, From: matches
    Meng> the return-path.

Is there anything in the RFCs stipulating that?  It may be common but
probably not to be relied upon.  It is easy to jigger if one wants to.

Is it too much of a stretch to take the position that a forwarder has
accepted responsibility when accepting a mail for forwarding and that
one way of discharging that responsibility would be to put the message
into a new envelope for forwarding.  A downstream SMTP-receiver would
then accept or reject the mail based upon their notion as to the
reputation of the forwarder, or whatever.  What the forwarder would do
when the downstream refuses the mail, or if it is undeliverable for
whatever reason, would be determined by the agreements or other
understandings between the forwarder and his customer.

        jam

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡

Attachment: pgpbrCS49BNNl.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Using headers instead of SRS, Za'mbori, Zolta'n
Next by Date:  Re: Re: Using headers instead of SRS, Alain Knaff
Previous by Thread:  RE: Using headers instead of SRS, John Warren
Next by Thread:  Re: Using headers instead of SRS, Ask Bjørn Hansen
Indexes:  [Date] [Thread] [Top] [All Lists]