spf-discuss

Re: SPF & Bounced Emails

2004-04-30 14:53:51
On Fri, 30 Apr 2004, Kevin Kolk wrote:

> I've been reading over the SPF site and articles regarding the system
> however one thing isn't entirely clear to me - how well the system can
> help me block bounced email messages.
>
> While I understand that this system will allow supporting domains to
> validate if the email came from my systems and block receipt without
> generating a bounce message to me, I'm not sure how it deals with bounce
> messages from non-supporting hosts.   Is there a way that I will be able
> to examine incoming bounce messages using this system to validate if
> they actually came from my system originally and filter those that did
> not?

For that you want Sender Rewriting Scheme - which you need anyway if you plan
to forward email from sites that publish SPF.  If you simply rewrite the sender
with a crypto on *all* email, even when not forwarded, (often called SES -
Signed Envelope Sender), then you can reject any bounces lacking a valid
crypto cookie.

Not only that, but recipients can use CBV to check the return path
providing an alternate way to detect forgeries.  However, there are 
problems with depending only on SES (see lengthy discussion in
this list).  You should publish SPF as well.  Since you need SRS 
for forwarding with SPF, the two work together very nicely.

http://spf.pobox.com/srs.html

There are links to some C and Perl implementations.  I also have a Python
implementation that is working nicely in production on systems with 20 - 70
active users. (The only bottleneck is the sendmail integration loads a
fresh python interpreter for each address that needs rewriting.  The Perl
version has the same problem until sendmail implements the socket daemon
protocol.)

http://www.bmsi.com/python/pysrs.html

Both the Perl and Python versions have a socket daemon that should work
with Exim (and future versions of sendmail).

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
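The scheme described above, as an added example that is neither Kevin's, Stuart's, nor pysrs code: every outgoing envelope sender is rewritten to carry a day counter and an HMAC cookie bound to the original address, and an incoming bounce (null sender) is accepted only if its recipient carries a cookie that verifies and is still fresh. The address layout `SES=<mac>=<timestamp>=<local>@<domain>`, the tag name, the secret key and the timestamps are my own assumptions for illustration; real SRS (`SRS0=HHH=TT=domain=local`) and real SES lay the fields out differently.

```python
import base64
import hashlib
import hmac
import time

# Hypothetical tag and layout: SES=<mac>=<timestamp>=<original-local>@<domain>.
# Real SRS uses "SRS0=HHH=TT=domain=local"; the real SES format differs again.
TAG = "SES"
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
TS_MOD = 1024   # two base32 symbols carry a 10-bit day counter, as SRS does
MAC_LEN = 4     # four base32 symbols (20 bits) of HMAC-SHA256; short, for readability


def _encode_days(days):
    v = days % TS_MOD
    return B32[v >> 5] + B32[v & 31]


def _decode_days(ts):
    t = ts.upper()
    if len(t) != 2 or any(c not in B32 for c in t):
        raise ValueError("bad timestamp field")
    return (B32.index(t[0]) << 5) | B32.index(t[1])


def _mac(secret, ts, address):
    # Bind the cookie to both the day counter and the original address,
    # lowercased so an MTA that folds case does not break verification.
    msg = (ts.upper() + "=" + address.lower()).encode("utf-8")
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return base64.b32encode(digest).decode("ascii")[:MAC_LEN]


def _days(now):
    return int((time.time() if now is None else now) // 86400)


def sign_sender(address, secret, now=None):
    """Rewrite a local envelope sender (MAIL FROM) into its tagged, signed form."""
    if "@" not in address:
        raise ValueError("envelope sender needs a domain")
    local, domain = address.rsplit("@", 1)
    ts = _encode_days(_days(now))
    return f"{TAG}={_mac(secret, ts, address)}={ts}={local}@{domain}"


def verify_bounce_recipient(address, secret, now=None, max_age_days=7):
    """Check the RCPT TO of an incoming bounce.

    Returns (original_address, None) when the cookie verifies and is fresh,
    otherwise (None, reason).  A bounce whose recipient is untagged never
    came from a rewritten sender of ours, so it is a forgery.
    """
    if "@" not in address:
        return None, "no-domain"
    local, domain = address.rsplit("@", 1)
    parts = local.split("=", 3)          # original local part may itself contain "="
    if len(parts) != 4 or parts[0].upper() != TAG:
        return None, "untagged"
    _, mac, ts, orig_local = parts
    orig = f"{orig_local}@{domain}"
    try:
        sent = _decode_days(ts)
    except ValueError:
        return None, "bad-timestamp"
    if not hmac.compare_digest(mac.upper(), _mac(secret, ts, orig).upper()):
        return None, "bad-mac"
    age = (_days(now) - sent) % TS_MOD   # counter wraps every 1024 days, like SRS
    if age > max_age_days:
        return None, "expired"
    return orig, None


if __name__ == "__main__":
    key = b"constructed-demo-secret"    # constructed; an MTA hook would load it from config
    t0 = 1_083_000_000                   # constructed timestamp, late April 2004
    tagged = sign_sender("kevin@example.com", key, now=t0)
    print(tagged)
    print(verify_bounce_recipient(tagged, key, now=t0))                # genuine bounce
    print(verify_bounce_recipient(tagged, key, now=t0 + 8 * 86400))   # stale cookie
    print(verify_bounce_recipient("kevin@example.com", key, now=t0))  # forged bounce
```

In an MTA hook, `sign_sender` would run on every non-null MAIL FROM for a local domain (skipping addresses that are already tagged, so a forwarder does not double-wrap), and `verify_bounce_recipient` would run at RCPT TO whenever the envelope sender is null; a failure there is rejected at SMTP time, so no backscatter is generated. A production cookie should be longer than four symbols, and the key should be rotated within the acceptance window.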

