David Woodhouse wrote:
> On Fri, 2004-03-26 at 16:55 -0500, Meng Weng Wong wrote:
>> Commercial forwarders are going to have to do SRS anyway, because
>> they're in the business of making things work, not making things break.
>> The idea of making 551-obedience mandatory for SPF publishers makes
>> things work _without_ such onerous requirements on forwarders. Isn't
>> that a good thing?
> At least we could say that domains publishing SPF 'SHOULD' react to a 551
> response to a 'RCPT TO:' by sending the mail to the indicated address,
> rather than bouncing.
If a forwarder chooses to forward mail to roleaccount@whitehouse.gov, it
will come from that machine. If a forwarder decided it didn't like a
bulk mailer (legit or not) it could just start returning 551 try
<roleaccount@whitehouse.gov> and then the bulk mailer is going to
effectively attack the whitehouse.gov mail systems.
This is precisely the reason we want to implement SPF in the first
place. If I send a mail to a forwarder and they choose to be obnoxious
and send all mails from me to roleaccount@whitehouse.gov, at least they
originate from the forwarder's IP space. SPF would mean that they would
also be fraudulently using my domain name in the return path and it
should be detected and rejected by the victim site.
It just seems that all these steps to help forwarders just reduce the
accountability that SPF is supposed to add.
Return path rewriting means that a forwarder will take responsibility
for processing the return path if they choose to forward the message
onward. This prevents the above style of abuse and is more accountable
on the part of the forwarder. In addition to the reasons Meng mentioned
for forwarder adoption, I'd say that some forwarders will adopt this and
become more responsible and accountable for the mail they choose to
forward. Then the straggling forwarders will be forced to adopt because
they will be viewed as less responsible and less accountable if they do not.
The proposed method of 551s makes an assumption that forwarders are
trustworthy and always in control of their machines. While I would
agree that the first is more true than not, the second is not something
I want to rely on. Return path rewriting combined with SRS allows us to
_not_ trust the forwarders. As SMTP shows us, a system that is trusting
is prone to abuse.
--
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Postal Engine -- http://www.postalengine.com/
// Ecelerity: fastest MTA on Earth
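To make the accountability argument above concrete, here is an added example (not code from this thread or from any of the projects mentioned) of the SRS0-style return-path rewriting a forwarder would do, with the bounce-side check that lets the original domain refuse bounces the forwarder never issued. The secret, the forwarder domain, the 21-day window and the compact hash/timestamp encodings are assumptions of this example, not the exact encodings of a particular SRS library.

```python
import base64
import hashlib
import hmac
import time

# Constructed values for this example; a real forwarder keeps its own secret.
SECRET = b"example-forwarder-secret"
FORWARDER = "forwarder.example"
MAX_AGE_DAYS = 21          # bounces to rewrites older than this are refused
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def _timestamp(days):
    # Two base32 characters encoding days-since-epoch mod 1024 (SRS0 layout).
    return ALPHABET[(days >> 5) & 31] + ALPHABET[days & 31]

def _decode_timestamp(ts):
    ts = ts.upper()
    return (ALPHABET.index(ts[0]) << 5) | ALPHABET.index(ts[1])

def _hash(ts, domain, local):
    # Keyed hash over timestamp, original domain and local part (case-folded).
    msg = f"{ts}={domain}={local}".lower().encode()
    return base64.b64encode(hmac.new(SECRET, msg, hashlib.sha1).digest())[:4].decode()

def srs_forward(sender, days=None):
    """Rewrite the envelope sender so bounces come back to the forwarder."""
    local, domain = sender.rsplit("@", 1)
    days = int(time.time() // 86400) if days is None else days
    ts = _timestamp(days)
    return f"SRS0={_hash(ts, domain, local)}={ts}={domain}={local}@{FORWARDER}"

def srs_reverse(address, days=None):
    """Validate a bounce target and recover the original sender, else None."""
    local, domain = address.rsplit("@", 1)
    if domain != FORWARDER or not local.startswith("SRS0="):
        return None
    parts = local.split("=", 4)
    if len(parts) != 5:
        return None
    _, h, ts, orig_domain, orig_local = parts
    if not hmac.compare_digest(h, _hash(ts, orig_domain, orig_local)):
        return None            # forged or tampered: this forwarder never issued it
    days = int(time.time() // 86400) if days is None else days
    if (days - _decode_timestamp(ts)) % 1024 > MAX_AGE_DAYS:
        return None            # stale: a replay of an old rewrite
    return f"{orig_local}@{orig_domain}"
```

The forwarder, not the original sender's domain, is now the party that has to answer for the rewritten return path, which is the accountability point made above.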