spf-discuss

Re: Email forwarding w/o submission service

2004-08-21 03:50:50
Hi,

On Sat, Aug 21, 2004 at 04:02:08AM -0400, Barry Margolin wrote:
> My college alumni association provides an email forwarding service: any
> alumnus can get a <user>@alum.mit.edu address that forwards to their
> real email service.  However, they don't provide a mail submission
> service -- you still have to send your mail out through whatever SMTP
> server you would normally use.
>
> How is this supposed to work with SPF?  The answers in the FAQ all seem
> to be about services like pobox.com, which also provide submission
> services.  There's no way for MIT to list all the possible mail servers
> that will send out mail from <user>@alum.mit.edu.  I guess this means
> they'll have to leave the domain unprotected, which means that spammers
> are free to forge alum.mit.edu addresses.

This is problematic. Your alumni organisation is relying on aspects of
email that have created to a large extent the spam problem: being able
to send mail pretending from whomever you want to be from whatever
server you like. For this setup to work with spf, one would either have
to enumerate all the outgoing smtp servers (which, as you note
yourself, is impossible in this case) or publish a '+all'. Publishing
+all however will make the domain a welcome forged source for spammers
of course.

Of course, the proper thing would be to use a submission server, or some
form of remailing: you send your mail to remailer@alum.mit.edu with some
special line at the top of your email saying where to remail the actual
mail to, on behalf of which alum.mit.edu user, and possibly some secret
to avoid creating a kind of open relay.

Perhaps it would be possible to redirect the admins of alum.mit.edu to
this list, so we can discuss a bit more what they could do to get spf
compliant (provided they want to of course).

> I apologize if this has been discussed before.  It wasn't answered
> adequately in the FAQ, and there doesn't seem to be a search facility
> for the list archive.

http://spf.pobox.com/faq.html#searchlist

Koen

-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/
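
Added example, not part of the original message: a simplified SPF check (ip4/ip6/all mechanisms only, no DNS) showing the trade-off discussed in this thread for a forwarding-only domain. The two records and all IP addresses are constructed from documentation ranges and are not alum.mit.edu's real data.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record: str, client_ip: str) -> str:
    """Evaluate a simplified SPF record against the connecting client IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":                    # matches every sender
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        # a, mx, include, redirect etc. need DNS lookups; skipped in this sketch
    return "neutral"                         # no mechanism matched

# Constructed records for a hypothetical forwarding-only domain.
ENUMERATED = "v=spf1 ip4:192.0.2.0/24 -all"  # only the forwarder's own hosts
PLUS_ALL = "v=spf1 +all"                     # every host is authorised

# Constructed senders.
FORWARDER_HOST = "192.0.2.10"     # the domain's own forwarding server
ALUMNUS_ISP = "198.51.100.25"     # legitimate user sending via their ISP
FORGER_HOST = "203.0.113.66"      # unrelated host forging the domain

def compare() -> dict:
    """Return the SPF result for each (record, sender) combination."""
    senders = {"forwarder": FORWARDER_HOST, "alumnus": ALUMNUS_ISP,
               "forger": FORGER_HOST}
    records = {"enumerated": ENUMERATED, "plus_all": PLUS_ALL}
    return {(r, s): check_spf(rec, ip)
            for r, rec in records.items() for s, ip in senders.items()}

if __name__ == "__main__":
    for key, result in compare().items():
        print(key, "->", result)
```

With the enumerated record the legitimate alumnus and the forger are both rejected; with `+all` both pass, so the record cannot tell them apart.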