spf-discuss
[Top] [All Lists]

Re: let's get rid of SRS

2004-05-21 14:11:41
In <20040519161116(_dot_)649625F9(_at_)dumbo(_dot_)pobox(_dot_)com> 
mengwong(_at_)dumbo(_dot_)pobox(_dot_)com (Meng Weng Wong) writes:

Say, how would folks feel if we got rid of SRS and replaced it with a
less onerous workaround?

Of course we would feel great!

Would that be better for forwarders?

Yes, of course!


The problem is in the details.


It has been suggested that using the qmail folks ABBS (anti-bogus
bounce system) or SES (signed envelope sender) can unilaterally solve
the bogus bounce problem.  This is somewhat true, and I encourage
people to use these systems.  It is not, however, a perfect solution.


There are still huge key-management problems for roaming users.  There
are huge co-ordination problems between SMTP servers sending the email
and the SMTP servers that handle bounces.  In some cases, these are
run by different companies.  (Talk to Margret Olsen about this, if you
don't believe me.)  There are problems with systems not accepting
these signed MAIL FROM addresses because of either the lengths of the
resulting local part or because of character set issues.


As has been pointed out many times, there *are* other solutions to the
mail forwarding problem than SRS.  For example, the receivers can
whitelist known forwarders.  This can be done with the "local policy"
option available on most SPF implementations.  The
trusted-forwarder.org global white list is just a simple extension of
this.

I think that a mix of SRS and whitelisting can make SPF very easy for
many people to quickly adopt.



-wayne




<Prev in Thread] Current Thread [Next in Thread>