spf-discuss

Re: RE: pushing people towards S/MIME and PGP

2004-10-27 02:14:18
On Wed, 27 Oct 2004, Julian Mehnle wrote:

> Crypto will never prevent misdirected bounces, i.e. envelope sender
> forgery, though.  Only SPF Classic, RMX, and Co. will.

Utter crap. The correct way to fix forgery backscatter is to put a
cryptographic token in the MAIL FROM address on your outgoing email (e.g.
SES or BATV). This allows you to distinguish between valid bounces and
bounces from forged email. It does not require co-operation with anyone
else and has significantly fewer interoperability problems than SPF.

Note that most SPF records end in ?all in order to avoid the breakage that
-all causes; however ?all records don't allow you to reject forgeries and
so have no effect on backscatter. Some idiots are interpreting SPF records
too strictly, e.g. responding with a 450 code when the SPF record ends in
?all, which has already caused us noticeable problems.

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
MALIN HEBRIDES: NORTHEAST 4 OR 5 INCREASING 6. RAIN LATER. GOOD BECOMING
MODERATE.
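
The signed envelope sender described in the message above, as an added example that is not part of the original post and is not the SES or BATV reference code. It assumes a simplified BATV-style `prvs=` tag (key digit, three-digit expiry day, six hex digits of HMAC-SHA1); the secret, lifetime, addresses and timestamp are constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: per-site secret, never published
LIFETIME_DAYS = 7                 # assumption: longest delay allowed for a bounce


def _mac(key_id: str, day: str, address: str) -> str:
    """First 6 hex digits of HMAC-SHA1 over key id, expiry day and address."""
    msg = (key_id + day + address.lower()).encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]


def sign_sender(address: str, now: int) -> str:
    """Return the tagged MAIL FROM to put on outgoing mail sent at `now`."""
    day = f"{(now // 86400 + LIFETIME_DAYS) % 1000:03d}"
    return f"prvs=0{day}{_mac('0', day, address)}={address}"


def check_bounce_rcpt(rcpt: str, now: int) -> str:
    """Classify the RCPT TO of a message that arrived with MAIL FROM:<>."""
    # Every outgoing message is signed, so a bounce to a bare address
    # can only be the result of mail we did not send.
    if not rcpt.lower().startswith("prvs="):
        return "reject: untagged"
    tag, sep, address = rcpt[5:].partition("=")
    if not sep or len(tag) != 10 or not tag.isascii() or not tag[:4].isdigit():
        return "reject: malformed tag"
    key_id, day, mac = tag[0], tag[1:4], tag[4:]
    if not hmac.compare_digest(mac.lower(), _mac(key_id, day, address)):
        return "reject: bad signature"
    # Day numbers wrap at 1000, so the remaining lifetime is taken modulo 1000.
    remaining = (int(day) - now // 86400) % 1000
    if remaining > LIFETIME_DAYS:
        return "reject: expired"
    return "accept"


if __name__ == "__main__":
    now = 1098843258  # constructed timestamp
    tagged = sign_sender("dot@example.org", now)
    print(tagged, "->", check_bounce_rcpt(tagged, now))
    print("dot@example.org ->", check_bounce_rcpt("dot@example.org", now))
    print("8 days later ->", check_bounce_rcpt(tagged, now + 8 * 86400))
```

The check is applied only to messages with a null reverse-path; ordinary mail to the bare address is delivered as usual.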

