On Wed, 13 Oct 2004, Hannah Schroeter wrote:
About 75% of the SPF records in the .com TLD end in -all. I would say
that it is the current practice, although certainly not the
universally adopted practice.
Have I missed something (specifically, a solution for that already in
widespread implementation and deployment) or do they just ignore the
forwarding problem?
Forwarding is only a problem for mail recipients who check SPF and
do not make provisions for any forwarders they have set up.
Forwarders are set up by the mail recipient - and are the responsibility
of the mail recipient. Mail senders publishing SPF records should not
have to worry about forwarding. (Unless you count greeting card sites
which let users enter an arbitrary MAIL FROM. This is the senders choice, in
which case you'll have to list such greeting card sites you use to send mail -
or use ?all).
Even a large ISP has no excuse. They complain that they don't know
what forwarders their users have set up. Maybe so, but they can:
1) provide a web based configuration page to list forwarders
2) default to *not* reject SPF fail for users who have not configured
their forwarders (but still add the Received-SPF header).
3) Give user who have configured their forwarders the option of
rejecting messages that fail SPF.
When configuring a forwarder, all you need to know is whether the forwarder
supports SRS.
For non-SRS forwarders, accept all mail without checking SPF. Hopefully,
you (or your user) have selected a forwarder that checks SPF before
forwarding.
For SRS forwarders, check SPF.
In any case, when forwarders are listed, do not accept SRS mail unless
it is from a listed forwarder. Otherwise, you'll get lots of forged spam
from an SPF compliant spammer site that puts SRS in the MAIL FROM.
For ISPs, I hope it is clear that this configuration is PER USER.
The decision on whether to reject an SPF fail is delayed until after
RCPT TO, so that per user configuration can be consulted.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.