spf-discuss

Re: A couple of thoughts

2004-02-19 10:02:36
On Thu, 2004-02-19 at 11:28, mw-list-spf-discuss(_at_)csi(_dot_)hu wrote:
So then how are SPF and SRS completely independent solutions, if
SPF mandates some form of SRS?  

This is exactly the point which is misrepresented for some reason: you
must have SRS implemented for SPF to work, because SPF breaks bounce
handling on forwarded messages.  In other words, people should not be
told: implement SPF, and we will give you SRS later.  There is no SRS
independent SPF.

SPF provides responsibility.  Mail sent from @postalengine.com may only
come from 66.225.209.0/24 or one of its MXs:

;; ANSWER SECTION:
postalengine.com.  1D IN TXT "v=spf1 ip4:66.225.209.0/24 mx -all"

postalengine.com has revoked your right to send mails with that domain
as the envelope sender.  The bottom line is that you should never have
had that "right" in the first place.  It forces you to be responsible for
the mail you forward -- so you can't spoof someone else.

If I send a mail from somename(_at_)postalengine(_dot_)com to a(_at_)remailer(_dot_)com,
remailer.com can do whatever they want, but they _do not_ have the right
to use @postalengine.com in the envelope -- that is fraud.

You don't have to use SRS.  You can use any return-path rewriting scheme
your heart desires as long as it makes _you_ responsible for the return
path on messages that leave your system.  Return-path rewriting does not
require SPF and responsible remailers should implement return-path
rewriting even if they don't implement SPF.

That's the goal.

I guess another way to phrase it is that SRS is _being_ responsible
while SPF is a good mechanism for enforcing responsibility.

-- 
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Postal Engine -- http://www.postalengine.com/
// Ecelerity: fastest MTA on earth
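
Added example, not part of the original message: a small offline evaluator for the ip4, mx and all mechanisms, showing why a forwarder that keeps @postalengine.com in the envelope fails the record quoted above, and why rewriting the return path to the forwarder's own domain passes. Only the postalengine.com TXT record comes from the message; the remailer.com record, the MX and client addresses, and the simplified rewrite format (real SRS also carries a hash and timestamp) are assumptions.

```python
import ipaddress

# Constructed stand-in for DNS. Only the postalengine.com TXT record is from
# the message; the remailer.com record and all MX addresses are assumptions.
TXT = {
    "postalengine.com": "v=spf1 ip4:66.225.209.0/24 mx -all",
    "remailer.com": "v=spf1 ip4:192.0.2.0/24 -all",
}
MX_ADDRS = {"postalengine.com": ["198.51.100.25"], "remailer.com": []}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, envelope_sender):
    """Evaluate the ip4, mx and all mechanisms for the envelope sender's domain."""
    domain = envelope_sender.rsplit("@", 1)[1].lower()
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = client_ip in MX_ADDRS.get(arg or domain, [])
        elif name == "all":
            matched = True
        else:
            return "permerror"  # mechanism outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def rewrite_return_path(original_sender, forwarder_domain):
    """Simplified rewriting: the forwarder puts its own domain in the envelope.
    Real SRS also adds a hash and timestamp; both are omitted here."""
    local, _, domain = original_sender.rpartition("@")
    return f"fwd={domain}={local}@{forwarder_domain}"
```
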


