Hi,
On Sat, Aug 21, 2004 at 04:02:08AM -0400, Barry Margolin wrote:
> My college alumni association provides an email forwarding service: any
> alumnus can get a <user>@alum.mit.edu address that forwards to their
> real email service. However, they don't provide a mail submission
> service -- you still have to send your mail out through whatever SMTP
> server you would normally use.
>
> How is this supposed to work with SPF? The answers in the FAQ all seem
> to be about services like pobox.com, which also provide submission
> services. There's no way for MIT to list all the possible mail servers
> that will send out mail from <user>@alum.mit.edu. I guess this means
> they'll have to leave the domain unprotected, which means that spammers
> are free to forge alum.mit.edu addresses.

This is problematic. Your alumni organisation is relying on aspects of
email that have created to a large extent the spam problem: being able
to send mail pretending from whomever you want to be from whatever
server you like. For this setup to work with spf, one would either have
to enumerate all the outgoing smtp servers (which, as you note
yourself, is impossible in this case) or publish a '+all'. Publishing
+all however will make the domain a welcome forged source for spammers
of course.

Of course, the proper thing would be to use a submission server, or some
form of remailing: you send your mail to remailer@alum.mit.edu with some
special line at the top of your email saying where to remail the actual
mail to, on behalf of which alum.mit.edu user, and possibly some secret
to avoid creating a kind of open relay.

Perhaps it would be possible to redirect the admins of alum.mit.edu to
this list, so we can discuss a bit more what they could do to get spf
compliant (provided they want to of course).

> I apologize if this has been discussed before. It wasn't answered
> adequately in the FAQ, and there doesn't seem to be a search facility
> for the list archive.

http://spf.pobox.com/faq.html#searchlist
Koen
--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/