On Thu, Sep 30, 2004 at 05:05:34PM -0400, John Glube wrote:
|
| We need to really deal with the problem of breaking mail
| forwarding, because at day's end, unfortunately it seems
| neither SRS nor Submitter will fully solve the problem,
| instead from the comments made by others will simply create
| more overhead without adding significant benefit.
|
| I suggest using EHELO/HELO checking is one part of the
| solution. In my view this is the next "plug-in" one wants
| to focus on.
|
I would like to request that people read up on Unified SPF,
perhaps by running through the slideshow at
http://spf.pobox.com/slides/unified%20spf/0335.html
to see how a combination of HELO and MAILFROM checks work
better in concert.
| How to strengthen this is the question. Some folks want to
| use 3rd party accreditation to check the domain. Others
| don't like this because it introduces the "human" factor.
| Hence, Hector's automated call back concept, which
| "authenticates the transaction against the original domain
| submission site."
|
| Either way, unless one focuses on methods which don't break
| mail forwarding for mail channel authentication and are low
| overhead, I suggest SPF will remain experimental.
I would like to hear a walkthrough of a technology which
doesn't break mail forwarding, but prevents return-path
forgery.