spf-discuss

RE: Using headers instead of SRS

2004-01-25 18:28:55
On Sun, 25 Jan 2004, Greg Connor wrote:

: Hmm, I can see the distinction between forwarding and relaying and I agree.
: I think saying "Forwarding is not broken, but relaying (mostly) is" is
: correct, but it doesn't narrow the scope of the problem.  SPF breaks "what
: pobox.com and others do" regardless of the name.

I should point out that the sysadmins of popular forwarding services
(including, in particular, Suresh of Outblaze, which owns mail.com, etc.)
have expressed major interest in SPF.  They are likely willing to implement
SRS to make SPF feasible.

And to be honest, I *want* to see other not-really-relay services ("Send
this page/card/etc. to a friend") to break with SPF.  Those services are
already abusive as it is, and they *should* be forced to implement traceable
return paths.

: Longer term, I would like to see some filters a la Spamassassin that flag
: as "suspicious" if Return-Path doesn't equal Sender:.

Eh?  That's a bad thing to flag.  Consider:

1. User is on a mailing list, which (properly) sets Sender: to the mailing
   list return path address.

2. The address subscribed to the list is a pobox.com address, or that of
   some other aliasing service, which rewrites the envelope a la SRS.

3. The received mail at the destination mailbox flags your check.

Sender: != return path (envelope).  Please do not equate them, or even
consider them to be related; they're not.

-- 
-- Todd Vierling <tv(_at_)duh(_dot_)org> <tv(_at_)pobox(_dot_)com>
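
The three-step scenario in the message above, as an added example that is not part of the original post: the proposed "Return-Path differs from Sender:" filter is run on a list message before and after an aliasing service rewrites the envelope in SRS0 form. All addresses, domains and function names are constructed for illustration, and the SRS hash and timestamp fields are placeholders that are not computed or verified.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a list message as sent by the list server (steps 1 and 2
# of the scenario: Sender: is the list return path, recipient is an alias).
LIST_COPY = (
    "Return-Path: <list-bounces@lists.example.org>\n"
    "Sender: list-bounces@lists.example.org\n"
    "From: alice@example.com\n"
    "To: subscriber@alias.example\n"
    "Subject: [list] hello\n\nbody\n")

def srs0_rewrite(envelope_from, forwarder, tag="HHHH", ts="TT"):
    """Envelope sender in SRS0 form; tag/ts are placeholders, not a real HMAC."""
    local, _, domain = envelope_from.rpartition("@")
    return f"SRS0={tag}={ts}={domain}={local}@{forwarder}"

def srs0_original(addr):
    """Recover the pre-forwarding envelope sender from an SRS0 address, else None."""
    local = addr.rpartition("@")[0]
    if not local.upper().startswith("SRS0="):
        return None
    parts = local[5:].split("=", 3)          # hash, timestamp, domain, local part
    return f"{parts[3]}@{parts[2]}" if len(parts) == 4 else None

def envelope_sender(raw):
    """Address recorded in Return-Path at final delivery."""
    return parseaddr(message_from_string(raw).get("Return-Path", ""))[1]

def forward_via_alias(raw, forwarder):
    """What the aliasing hop does: rewrite the envelope only, leave headers alone."""
    msg = message_from_string(raw)
    msg.replace_header("Return-Path", f"<{srs0_rewrite(envelope_sender(raw), forwarder)}>")
    return msg.as_string()

def naive_flag(raw):
    """The proposed filter: 'suspicious' when Return-Path differs from Sender:."""
    sender = parseaddr(message_from_string(raw).get("Sender", ""))[1]
    return envelope_sender(raw).lower() != sender.lower()

if __name__ == "__main__":
    delivered = forward_via_alias(LIST_COPY, "alias.example")
    print("direct from list flagged:", naive_flag(LIST_COPY))
    print("after alias hop flagged: ", naive_flag(delivered))   # step 3
    print("envelope now:", envelope_sender(delivered))
    print("SRS0 decodes to:", srs0_original(envelope_sender(delivered)))
```
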

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage