spf-discuss

Re: SPF-compliant phishing?

2004-09-15 09:26:55
On Wed, 2004-09-15 at 10:55 -0500, Daniel Taylor wrote:
> The perspective issue.
>
> Sender or recipient? Who is SPF really for?
> Mr. Woodhouse's examples are from the recipient's perspective.
> The exists mechanism is only reliable from the sender's perspective.

Sort of true, yes -- I _could_ set up a stunt DNS server and use an
exists record with %{l}, and the recipient _might_ be able to work out
what I'm doing from the fact that my reverse-path is of the form
SRS0+xx+yy+infradead.org+dwmw2@pentafluge.srs.infradead.org and the fact
that an 'exists' lookup generated by the unsigned address
'dwmw2@infradead.org' would fail, and hence that mail claiming to be
from just 'dwmw2@infradead.org' isn't acceptable even from my own
servers.

But mostly they won't really notice the details, and won't have any
_more_ reason to believe that it really came from me than if it were an
SPF pass in the 'traditional' way.

Mostly, I protect _myself_ by using SES, because I'm never going to see
your bounce to the message I didn't send. It protects you at the moment
only if you bother to do SMTP sender verification callouts.

But I wouldn't agree with your second statement; that the exists
mechanism is reliable from the sender's perspective. Too few people
actually reject on failure for it to be considered 'reliable' -- and
with people publishing '-all' before the world is ready, it doesn't make
_sense_ for people to be rejecting on a failure. So I could go to all
the trouble of doing a stunt DNS server and it would buy _me_ almost
nothing, while offering some extra protection to people whom I think are
silly. The real benefit to me comes from this bit:

        MAIL FROM:<>
        250 OK
        RCPT TO:<dwmw2@infradead.org>
        550-This address never sends messages directly, and should not accept bounces.

But we digress. Who can tell me if Joe really sent the mail I presented
in the first of my examples?

-- 
dwmw2
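As an added illustration of the "stunt DNS server" idea in the message above (this is example code written for this page, not anything David posted or runs), the block below implements the recipient-side evaluation of an `exists:%{l}...` SPF record against a DNS resolver that computes its answers rather than storing them: a name is answered with an A record only when the local part carries a valid SES-style signature. The domain `example.org`, the `._ses.` subdomain, the secret, the `<local>=ses=<timestamp>=<mac>` signature layout and the 7-day validity window are all assumptions chosen for the example; the macro expander covers only the RFC 7208 letters `s`, `l`, `o`, `d` and `i` with the digit and `r` transformers, and `check_host` understands only `exists:` and `all`.

```python
"""Added example (not from the spf-discuss thread): an SPF 'exists:%{l}'
record backed by a DNS server that vouches only for signed local parts.
Domain, secret and signature format are assumptions for this example."""
import hashlib
import hmac

SECRET = b"example-ses-secret"              # constructed, example only
DOMAIN = "example.org"                      # hypothetical sending domain
# Hypothetical record: pass only if the stunt server answers for %{l}.
SPF_RECORD = "v=spf1 exists:%{l}._ses." + DOMAIN + " -all"
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def ses_sign(local, timestamp, secret=SECRET):
    """Signed local part: <local>=ses=<ts>=<mac>.  The layout is an
    assumption; it uses no '.' so %{l} expands to a single DNS label."""
    msg = f"{local}={timestamp}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()[:12]
    return f"{local}=ses={timestamp}={mac}"


def ses_verify(signed_local, now, max_age=7 * 86400, secret=SECRET):
    """True only for a well-formed, unexpired, correctly signed local part."""
    parts = signed_local.split("=")
    if len(parts) != 4 or parts[1] != "ses" or not parts[2].isdigit():
        return False
    local, _, ts, mac = parts
    if not 0 <= now - int(ts) <= max_age:
        return False
    expected = ses_sign(local, int(ts), secret).rsplit("=", 1)[1]
    return hmac.compare_digest(expected, mac)


class StuntDNS:
    """Stand-in for the stunt DNS server: it has no zone data at all and
    decides each answer by validating the signature in the queried name."""

    def __init__(self, now):
        self.now = now
        self.queries = []                   # what the recipient asked us

    def a_lookup(self, name):
        self.queries.append(name)
        suffix = "._ses." + DOMAIN
        if name.endswith(suffix) and ses_verify(name[: -len(suffix)], self.now):
            return ["127.0.0.2"]            # any A record means "exists"
        return []


def expand(macro, ip, sender, domain):
    """Minimal RFC 7208 section 7 expansion: %{s} %{l} %{o} %{d} %{i},
    an optional right-most label count and the 'r' (reverse) transformer."""
    local, _, sender_domain = sender.rpartition("@")
    values = {"s": sender, "l": local, "o": sender_domain, "d": domain, "i": ip}
    out, i = [], 0
    while i < len(macro):
        if macro.startswith("%{", i):
            j = macro.index("}", i)
            letter, mods = macro[i + 2], macro[i + 3:j]
            labels = values[letter].split(".")
            if "r" in mods:
                labels.reverse()
            digits = "".join(ch for ch in mods if ch.isdigit())
            if digits:
                labels = labels[-int(digits):]
            out.append(".".join(labels))
            i = j + 1
        elif macro.startswith("%%", i):
            out.append("%")
            i += 2
        else:
            out.append(macro[i])
            i += 1
    return "".join(out)


def check_host(ip, sender, dns, record=SPF_RECORD):
    """Recipient-side evaluation of a record made of exists: and all terms."""
    domain = sender.rpartition("@")[2]
    for term in record.split()[1:]:         # skip "v=spf1"
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("exists:"):
            matched = bool(dns.a_lookup(expand(term[7:], ip, sender, domain)))
        else:
            raise ValueError("mechanism not handled in this example: " + term)
        if matched:
            return RESULT[qualifier]
    return "neutral"


if __name__ == "__main__":
    now = 1_095_000_000                     # constructed clock value
    dns = StuntDNS(now)
    signed = ses_sign("dwmw2", now) + "@" + DOMAIN
    print(signed, check_host("192.0.2.1", signed, dns))              # pass
    print(check_host("192.0.2.1", "dwmw2@" + DOMAIN, dns))           # fail
    print(dns.queries)
```

The point the message makes falls out of the run: the signed reverse-path passes, the bare `dwmw2@example.org` fails even from the domain's own server, and an expired or tampered signature fails too, because the "zone" is really a signature check. It also shows why this only protects the sender if recipients reject on `fail`; a recipient that treats `fail` as advisory gets the same answer and ignores it.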

