spf-discuss
[Top] [All Lists]

Re: moving on from MARID

2004-09-25 07:58:44
On Fri, Sep 24, 2004 at 11:34:52PM -0700, Greg Connor wrote:
| 
| Actually I was going to say just the opposite.  Submitter was originally 
| Meng's idea (if I remember right) and was described as "the entity 
| responsible for the most recent injection of this message into the mail 
| stream".

To set the record straight, SUBMITTER was actually MS's
idea.  They unveiled it to me in May at the D.C. MAAWG
meeting where we agreed on the Sender ID compromise.

However, using it as a standalone entity as Greg suggests is
an intriguing possibility which I would like to continue to
explore.
 
| In other words, the SPF Classic way is to rewrite MAIL FROM and take 
| responsibility for bounces.  The Submitter way would be to accept certain 
| mail from known good sources and still bounce it to the MAIL FROM address 
| if a bounce is necessary.

I agree that solving forwarding with SUBMITTER may be more
palatable to forwarding MTAs.  However, the forwarding
community has been conspicuously silent on this debate.  MTA
vendors have shown themselves variously willing to
contemplate SRS: I know that php.net, which runs Ecelerity,
is now doing SRS; pobox and GMX are doing SRS.  But authors
of other MTAs have said it is "ugly", which can perhaps be
read as another word for "too hard".  While authors may not
like it, the opensource community has not found it too hard,
and SRS patches for most opensource MTAs are now available
for download.  And that is how opensource is supposed to
work.

But because spammers will omit SUBMITTER, it seems important
to preserve MAIL-FROM protection even in a SUBMITTER-enabled
world.  If SUBMITTER is not present, and nothing else
provides a positive result, I still want to be able to
reject based on a MAIL-FROM "fail" result.  I believe that a
lot of folks on this list share that concern.  If this is
not true, please speak up now ...


<Prev in Thread] Current Thread [Next in Thread>