spf-discuss

RE: a "never relays" parameter

2004-06-09 13:30:08
From: Daniel Quinlan
Sent: Wednesday, June 09, 2004 3:05 PM


"Seth Goodman" <sethg(_at_)GoodmanAssociates(_dot_)com> writes:

I'm still confused about what you originally proposed.  If I
understood you right, it was that a domain owner would be able to
forbid any relaying of their mail.

Yes, although I'd phrase it as "a (sub)domain owner would state that
they only send mail directly to recipients / never relay their outgoing
mail through a host not specified in the SPF record".

How can a domain owner know whether the addresses they send to are
end-user accounts or forwarding accounts?  Let's say that AOL's user
set up a forwarding account, dignified-user(_at_)pobox(_dot_)com, that
forwards to their home address flatus(_at_)bozoISP(_dot_)com, for obvious
reasons.

It's the job of pobox.com to do the SPF check and the user should
configure their account to trust the SPF checks done by pobox.com and
not recheck them.  If you can't trust your forwarding service, then
what's the point?

People _can_ whitelist their forwarders to save time, but I don't think you
can say that people _cannot_ do SPF checks on their forwarders.  If the
forwarder implements an appropriate protocol, such as SUBMITTER, RSR or SRS,
they don't need whitelisting and they will pass SPF checks.  Whitelisting of
forwarders per user is a daunting task in a large organization.


In this case, billing.aol.com sends a billing message to
dignified-user(_at_)pobox(_dot_)com, but pobox.com rejects the message because
billing.aol.com prohibits relaying.  Poor Mr. Flatus never gets his
bill and AOL doesn't get their money.  If I've misunderstood what you
are proposing, please correct me.

Why would pobox.com reject the message?  It was sent directly to
pobox.com by billing.aol.com and that would be permitted.

Because billing.aol.com published a policy that prohibits relaying and
pobox.com is doing something the end user can't distinguish from relaying.
Unless, of course, the end user whitelists all their forwarders and rejects
all mail that uses any of the address rewriting schemes.

--

Seth Goodman
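
The forwarding scenario discussed in this thread, as an added example that is not part of any poster's message: it evaluates SPF at each hop for a message sent by billing.aol.com, with and without an SRS-style envelope rewrite at the forwarder. The SPF records, IP addresses, sender address and secret are constructed, and the evaluator and rewrite are simplified stand-ins for real implementations.

```python
import hashlib, hmac, ipaddress

# Constructed SPF policies on documentation address ranges, not real DNS data.
SPF = {
    "billing.aol.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "pobox.com": "v=spf1 ip4:198.51.100.0/24 -all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SRS_SECRET = b"constructed-forwarder-secret"  # hypothetical key held by the forwarder

def spf_check(client_ip, mail_from):
    """Check the connecting IP against the MAIL FROM domain's policy.
    Handles only ip4 mechanisms and 'all'; a real evaluator does much more."""
    record = SPF.get(mail_from.rsplit("@", 1)[1].lower())
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULT[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return RESULT[qualifier]
    return "neutral"

def srs_rewrite(mail_from, forwarder, stamp="AB"):
    """SRS0-shaped envelope rewrite: the forwarder's domain becomes the one checked.
    Hash and timestamp are simplified stand-ins for a real SRS implementation."""
    local, domain = mail_from.rsplit("@", 1)
    tag = hmac.new(SRS_SECRET, f"{stamp}{domain}{local}".encode(), hashlib.sha1).hexdigest()[:4]
    return f"SRS0={tag}={stamp}={domain}={local}@{forwarder}"

def walk_hops(sender="statements@billing.aol.com"):  # constructed sender address
    aol_ip, pobox_ip = "192.0.2.10", "198.51.100.7"  # constructed outbound hosts
    return {
        "billing.aol.com -> pobox.com": spf_check(aol_ip, sender),
        "pobox.com -> bozoISP.com, MAIL FROM unchanged": spf_check(pobox_ip, sender),
        "pobox.com -> bozoISP.com, MAIL FROM rewritten":
            spf_check(pobox_ip, srs_rewrite(sender, "pobox.com")),
    }

if __name__ == "__main__":
    for hop, result in walk_hops().items():
        print(f"{hop}: {result}")
```

The first hop passes because AOL's own host delivers to pobox.com; the second hop fails only when the final recipient rechecks the original envelope sender against the forwarder's IP.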
