spf-discuss
[Top] [All Lists]

Re: Sender forwarding

2004-04-21 16:18:14
This is similar to the problem that I have seen when people send online 
greeting cards, such as from Yahoo! Greetings.  The 'application' that you are 
referring to is not really forwarding, but rather "sending on behalf of", and 
is more similar to a mailing list.  In my opinion, the mail from should be, in 
this case, Yahoo! Greetings and the hospital, in yours.

Marc


From: "Stuart D. Gathman" <stuart(_at_)bmsi(_dot_)com>
Date: 2004/04/21 Wed PM 06:52:30 EDT
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Sender forwarding

I have heard it stated several times on this list that legitimate
forwarding is set up by the receiver - and therefore the receiver should
be able to whitelist the forwarder.  I have just run into an SPF false
positive where the sender initiated forwarding.

The sender is a hospital.  They have a service where you can email
pictures of your newborn(s) to family and friends from terminals in the
hospital.  Or maybe it is just a generic webmail service.  Their
application asks for a from email address and rcpt addresses.  It uses the 
from
address for both MAIL FROM and header From.  The theory, I guess, was that any
bounces would go to the address entered rather than to the hospital.

Naturally, mail with an SPF enabled from domain gets bounced by an
SPF checking MTA (mine).  The bounce has a nice link to the why.html page,
and was properly delivered to the from address, but the user was still 
confused.
Especially after they forwarded the bounced message from home several days
later and it arrived with no problems.  Naturally they felt jipped.
The sender felt it was the hospitals fault (because it worked from home).
The recipient felt is was the fault of SPF, and got angry when I tried to
explain how it works.

What we would like is for the hospital mail service to implement SRS, and
forward any bounces to the original from address.  The bounce came from
postmaster(_at_)chi-hasco-001(_dot_)frymulti(_dot_)com if anyone wants to try 
some
evangelism.

-- 
                      Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
      Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
      "Very few of our customers are going to have a pure Unix
      or pure Windows environment." - Dennis Oldroyd, Microsoft Corporation

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/spf-draft-200403.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com



<Prev in Thread] Current Thread [Next in Thread>