On Sun, Feb 22, 2004 at 02:21:28AM -0800, Greg Connor wrote:
--Brian Candler <B(_dot_)Candler(_at_)pobox(_dot_)com> wrote both of:
The advantage of the callback is that you can say for certain that this
*particular* message must have originated from that ISP, and within a
known time period of a few days. It also guarantees that should the
message fail to be delivered, the bounce would be deliverable.
Plus it's a reasonably useful filtering technique in its own right, which
means there's immediate benefit to you in implementing it even if no-one
else has started using SRS.
Excuse me if this has already been asked, but what is the effect of
SRS-encoding a sender address that is already in SRS format?
IIRR, what I was trying to say is that you should send out *all* messages
SRS-encoded at source. By rejecting all non-SRS-signed bounces you then are
protected from joe-jobs.
If you send
everything out with SRS-tags, are you risking them being irretrievably
mangled if some recipient actually uses SRS for forwarding?
No. In a non-SPF world, the forwarder would leave the original SRS envelope
sender unmolested. It would "just work" [TM]
If you are forwarding and the recipient implements SPF, then you need to
rewrite the address using SRS. But the SRS spec already takes care of that.
There is a specific way of modifying an existing SRS address to a new SRS
address, whose RHS domain is your own domain (and therefore will be accepted
by the SPF-aware receiver)
How many times
can SRS iterate in serial before the original is unrecoverable, or some
other limit is hit?
It's unlimited, because there is a clever design feature in SRS:
user@domain
-> srs0+stamp+domain+user@domain2
-> srs1+domain2+stamp+domain+user@domain3
-> srs1+domain2+stamp+domain+user@domain4
-> srs1+domain2+stamp+domain+user@domain5
-> srs1+domain2+stamp+domain+user@domain6
...etc
The message only retains permanently the cryptographic stamp applied by the
first forwarder, and the first forwarder's domain. Shevek's document
"srs.pdf" is a good read and explains this clearly.
Regards,
Brian.
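
The rewriting chain shown in the message above, as an added Python example that is not part of the original message or of any SRS implementation. The `+` separator follows the message's notation; the stamp (an HMAC-SHA1 truncated to 8 hex characters, with no timestamp component), the secrets, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

SEP = "+"  # separator as written in the message above

def stamp(secret: bytes, domain: str, user: str) -> str:
    """Assumed stamp: truncated HMAC-SHA1 over the original domain and user."""
    msg = f"{domain}{SEP}{user}".lower().encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()[:8]

def forward(sender: str, my_domain: str, secret: bytes) -> str:
    """Rewrite the envelope sender for one forwarding hop through my_domain."""
    local, _, domain = sender.rpartition("@")
    tag = local[:5].lower()
    if tag == "srs1" + SEP:
        # Third and later hops: only the right-hand side changes.
        return f"{local}@{my_domain}"
    if tag == "srs0" + SEP:
        # Second hop: keep the first forwarder's stamp, record its domain.
        return f"srs1{SEP}{domain}{SEP}{local[5:]}@{my_domain}"
    # First hop: stamp the original address with this forwarder's secret.
    return f"srs0{SEP}{stamp(secret, domain, local)}{SEP}{domain}{SEP}{local}@{my_domain}"

def reverse(address: str, secret: bytes) -> str:
    """Return the next bounce destination, or raise ValueError."""
    local = address.rpartition("@")[0]
    tag, _, rest = local.partition(SEP)
    if tag.lower() == "srs1":
        # Any later forwarder hands the bounce straight back to the first one.
        first_domain, _, srs0_rest = rest.partition(SEP)
        return f"srs0{SEP}{srs0_rest}@{first_domain}"
    if tag.lower() == "srs0" and rest.count(SEP) >= 2:
        got, domain, user = rest.split(SEP, 2)
        # Only the first forwarder holds the secret that validates the stamp.
        if hmac.compare_digest(got.encode(), stamp(secret, domain, user).encode()):
            return f"{user}@{domain}"
        raise ValueError("stamp mismatch: not an address this host issued")
    raise ValueError("not a valid SRS address")

if __name__ == "__main__":
    addr = "user@domain"  # constructed sample matching the message's notation
    for hop in ("domain2", "domain3", "domain4"):
        addr = forward(addr, hop, b"secret-of-" + hop.encode())
        print(addr)
```

Because the local part stops growing after the second hop, a bounce from any later forwarder goes back to the first forwarder in one step, and only that host's secret is needed to accept or reject it.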