begin Friday 06 February 2004 03:51, David A. Wheeler quote:
One way to counter all this would be if the end-systems let
each users specify "trusted forwarders" for themselves.
In other words, a forwarder whitelist. You could even use SPF
syntax. Thus, a user at yahoo.com could specify that they trust
email forwarded to them by "+mx:mydomain.com -all", and any email
forwarded by one of their mail servers would be automatically trusted
as having valid Received-From information that they could use for
an SPF check.
Actually, receiver systems _can_ implement such whitelists.
This is the "local policiy" parameter to the Mail::SPF:Query
constructor.
Just add local => "exists:%{ir}.local-trusted-forwarders.your.domain.com" to
new Mail::SPF::Query, where local-trusted-forwarders.your.domain.com
is a local whitelist, and you roll!
In the spf milter for sendmail, this functionality is accessible
through the -l option:
/usr/lib/milters/spf-milter -l
'exists:%{ir}.local-trusted-forwarders.your.domain.com' mail
Granted, this is not yet accessible on a per-end-user basis, but smart
use of macros should allow to set this up. Oh, wait, there is no macro
yet for current-receiver! Only current-sender: %{l}, %{s}) has macros,
not receiver. Meng, can we add one to the spec?
Regards,
Alain
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±€Ö€Íµø�?¡