spf-discuss
[Top] [All Lists]

Re: Digest 1.253 for spf-discuss

2004-04-20 08:59:29
At 10:19 AM 4/20/2004 -0400, you wrote:
From: Graham Murray <graham(_at_)gmurray(_dot_)org(_dot_)uk>
Subject: Re: [spf-discuss] Security Paper on forgery bounce DDoS
Date: Tue, 20 Apr 2004 07:03:27 +0100

Unless I am mistaken, forwarders are normally for the convenience of
and work on behalf of the recipient not the sender. So the recipient
will normally know what forwarders he has set up (eg xxx(_at_)pobox(_dot_)com
will be forwarded to yyy(_at_)actual(_dot_)mail(_dot_)com). In which case 
would it not
be possible to just have the forwarder do the SPF check and for the
recipient to whitelist the IP address(es) (which almost by definition
are trusted) of the forwarding systems. This would, of course, will
only work if there is only one forwarder and not have a forwarder
forward to another forwarder. Though I cannot think why someone would
want to use a chain of forwarders rather than having the first one
forward to the eventual destination (except in the case of anonymising
crypto forwarding, but SPF check on the originator would not be
possible in this scenario anyway)

******************** REPLY SEPARATER *********************
That is how I see it. We use an outside filtering service, which is
essentially a mail forwarder. If they perform the SPF check as part of
their service, then I should not have to. Unfortunately, when I asked them
what their plans were, I got a very courteous but noncommittal response.

At the moment, my only interest in SPF is stopping the abuse of our domain
name, and stopping the viral barrage (even though they quarantine the
virus, the notifications are bothersome because of the volume). It would be
nice if I could get some kind of committment from them, but until SPF
becomes mainstream, I don't think it is going to happen.

J.A. Coutts
Systems Engineer
MantaNet/TravPro


<Prev in Thread] Current Thread [Next in Thread>