On Thu, 27 May 2004, Jeffrey Goldberg wrote:
On May 27, 2004, at 2:17 PM, Stuart D. Gathman wrote:
I have not yet seen a good answer to why we can't resurrect the reverse
source path.
I agree with you. I raised this question recently. One answer I got is
here:
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200405/0349.html
OK, recording the route taken in MAIL FROM is something we can do
today in compliance with RFC 2821 (albeit deprecated). No software
changes in receivers or senders are required. No ESMTP extensions
are required (RFROM). What's not to like?
O: Here is one potential problem: suppose a message goes through 3
forwarders. One forwarder prepends to the reverse source path in
MAIL FROM to support SPF. The other 2 don't. Does a partial
reverse path break things?
A: If the last forwarder does not prepend the source path, then the receiver
cannot do SPF. Otherwise, I think the receiver is only interested in the
last hop for SPF purposes. Since RFC2821 forbids using the source path for
delivery, it should not be a problem. If a really old mailer tries to use
the source path for delivery, as soon as the message gets to an RFC2821
system, it will ignore the source path and go directly to the final
recipient.
O: Here is another objection: the source path is redundant with the
Received headers for diagnosing problems. For SPF purposes, only the last
hop is needed - the rest of the source path is redundant. RFROM
provides only the relevant info without cluttering up MAIL FROM.
A: A receiver may wish to verify more than just the last hop. RFROM
is not available yet, reverse source path is. Since a partial
reverse source path must be allowed as discussed above, a forwarder
could simply replace the reverse path instead of prepending.
If SPF receivers looked at the reverse path, then forwarders would have
a choice of implementing reverse path or implementing SRS (or doing nothing and
letting the receiver whitelist). An SPF receiver with software that
does not support reverse path would whitelist a reverse path forwarder
as they must whitelist a non-SRS forwarder today.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.