spf-discuss

RE: The New SPF: introducing RFROM

2004-05-26 05:37:16
From: Jeffrey Goldberg
Sent: Tuesday, May 25, 2004 10:53 PM


On May 24, 2004, at 2:25 PM, Roy Badami wrote:

Prepending is obviously fine, and is recommended by RFC2822.

Appending is fine, so long as any preexisting Resent-* headers are
removed.

I'm new around here, and so I hope I'll be forgiven for asking an
obvious question.  If the answer is RTF FAQ entry or RTF list archives,
I will happily respect that, but would appreciate some specific pointer
to help me find what I overlooked.  OK, so here goes the obvious
question.

Why not use source routing?  It is not used for anything else, and 2821
requires accepting source routed addresses but ignoring the content
except for the end of the path.

As I said, I'm new to this discussion.  And this seems to me like such
an obvious option, that there must be something fatally wrong with it
if we're looking at RFROM and trying to use Resent-* headers.

So what am I missing?

I don't think you're missing anything.  Source routing is a deprecated
practice in RFC2821, as you mentioned.  The only issue I see is that a mail
sender should not be permitted to _specify_ a source route.  That is an old
practice that is clearly not needed and incompatible with how email works
today.  However, I don't see that there is any harm in recording the route
actually taken in the MAIL FROM:, as an alternative to putting the current
sender in RFROM.  Similar to RFROM, it is really an advance look at the key
information in all the received headers made available before DATA.  The
other question is a political one:  is it easier to get through a new ESMTP
extension or to revise RFC2821?  I suppose that the SPF RFC could just
declare we will use source route format for MAIL FROM:, since it _is_
required in RFC2821 that all recipients handle it correctly, even though it
is deprecated.

There is some good to be had by doing the hopefully redundant PRA extraction
on the headers.  We would like to catch the situation where the 2821
information is compliant with SPF but the 2822 message headers are something
else entirely.  The PRA extraction and the requirement that PRA matches
either MAIL FROM: or RFROM, if it is available, is a key step in making sure
the 2821 and 2822 information agree.

What do others think?

--

Seth Goodman
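
Added example, not part of the original thread or of any SPF implementation: a receiver-side sketch that parses an RFC 2821 source-routed MAIL FROM path, keeps only the final mailbox as the thread describes, and checks that the header-derived PRA agrees with MAIL FROM or RFROM. Assumptions: the PRA header order is a simplified stand-in (the thread does not define it), "matches" is taken to mean equal domains, RFROM is passed as a plain address, and all hostnames and messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# RFC 2821 path: "<" [ "@" domain *( "," "@" domain ) ":" ] mailbox ">"
# Simplification: quoted local parts containing spaces or colons are rejected.
_PATH = re.compile(
    r"^<(?:(@[^,:<>\s]+(?:,@[^,:<>\s]+)*):)?([^<>\s:,]+@[^<>\s:,]+)?>$")

def parse_reverse_path(path):
    """Split a MAIL FROM path into (route_hosts, mailbox); '' for <>."""
    m = _PATH.match(path.strip())
    if not m or (m.group(1) and not m.group(2)):
        raise ValueError("malformed reverse-path: %r" % path)
    route = [h[1:].lower() for h in m.group(1).split(",")] if m.group(1) else []
    return route, m.group(2) or ""

def simplified_pra(raw_message):
    """First address found in a fixed header order (assumed, simplified)."""
    msg = message_from_string(raw_message)
    for name in ("Resent-Sender", "Resent-From", "Sender", "From"):
        addr = parseaddr(msg.get(name, ""))[1]
        if addr:
            return addr
    return ""

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def envelope_agrees(mail_from_path, raw_message, rfrom=None):
    """True if the PRA domain equals the MAIL FROM or RFROM domain."""
    _route, mailbox = parse_reverse_path(mail_from_path)  # route is ignored
    pra = simplified_pra(raw_message)
    allowed = {_domain(a) for a in (mailbox, rfrom) if a}
    return bool(pra) and _domain(pra) in allowed

# Constructed sample messages (not from the thread).
DIRECT = "From: Alice <alice@origin.example>\nSubject: hi\n\nbody\n"
FORWARDED = "Resent-From: bob@forwarder.example\n" + DIRECT
MISMATCH = "From: Accounts <billing@bank.example>\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    path = "<@forwarder.example:alice@origin.example>"
    print(parse_reverse_path(path))
    print(envelope_agrees(path, DIRECT))
    print(envelope_agrees(path, FORWARDED))
    print(envelope_agrees(path, FORWARDED, rfrom="bob@forwarder.example"))
    print(envelope_agrees("<alice@origin.example>", MISMATCH))
```

The forwarded message fails the check until the forwarder's address is supplied as RFROM, and the last case is the one the reply wants caught: an envelope that looks fine while the message headers name a different domain.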