The more I think about SRS vs. SUBMITTER, the more I like SRS.
-SRS is ONLY required by forwarders (not senders or receivers), and extensions
to SMTP are NOT needed.
-SUBMITTER is required by forwarders AND receivers, and an extension to SMTP is
needed. And, worst of all, bounces can be forged.
Ok, so now I'm spending time trying to figure out how to prevent SUBMITTER
(without munging the addresses ala SRS or SES) from allowing forged bounces
from being injected. Here's one idea: Pass SRS type information in ENVID.
ENVID specified in RFC 1891:
http://www.ietf.org/rfc/rfc1891.txt?number=1891
This examples is a permutation of the examples on
http://spf.pobox.com/srs.html
ann(_at_)orig(_dot_)com
sends to: bob(_at_)alias(_dot_)com
MAIL FROM: <ann(_at_)orig(_dot_)com> ENVID=yf09+Cw
RCPT TO: <bob(_at_)alias(_dot_)com>
bob(_at_)pobox(_dot_)com
forwards to: cob(_at_)third(_dot_)com
MAIL FROM: <ann(_at_)orig(_dot_)com>
SUBMITTER=<bob(_at_)pobox(_dot_)com> \
ENVID=yf09+Cw
RCPT TO: <cob(_at_)third(_dot_)com>
Ok, now let's say third.com needs to bounce this message, it connects to
orig.com:
EHLO third.com
MAIL FROM: <>
RCPT TO: <ann(_at_)orig(_dot_)com>
DATA (sends DSN with Original-Envelope-ID: yf09+Cw)
The MTA at orig.com can now use the "Original-Envelope-ID:" to determine
whether the bounce is valid. Ideally, the ENVID would get passed back on the
DSN's RCPT command, but alas it does not. I suppose if we are adding SUBMITTER
to MAIL FROM, we could add ENVID parameter to RCPT, like this:
EHLO third.com
MAIL FROM: <>
RCPT TO: <ann(_at_)orig(_dot_)com> ENVID=yf09+Cw
NOTE: I am not advocating any of this, just throwing out the idea.
Michael R. Brumm