On Wed, 9 Jun 2004, Seth Goodman wrote:
Actually, if the domain owner wishes to prohibit any intermediate hosts from
handling his message, the recipient could enforce this by using MAIL FROM:
to get the domain for the SPF check. They would also have to recognize and
reject on any indications of forwarding, such as SUBMITTER != MAIL FROM:,
use of RSR or SRS. Another complication is if the sender uses SRS from the
source. The recipient would have to detect this by looking at the two
domains in the SRS address. I don't know how to express any of those
actions using the exists mechanism, but that behavior would accomplish the
policy that Dan requested.
Sorry, I got SUBMITTER and MAIL FROM switched.
Just include both SUBMITTER and MAIL FROM in the exists for the MAIL FROM.
The code in the senders DNS server then does the same check as the
receiver would. What is not happening now is checking with MAIL FROM -
only the SUBMITTER is SPF checked.
And there was an excellent suggestion to make that MAIL FROM check
a CBV check, but using DNS instead of SMTP - just lookup a name containing
the relevent info.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.