spf-discuss
[Top] [All Lists]

RE: Re: Electronic Frontier Foundation (EFF) Article On Anti-Spam Technologies Mentions SPF

2004-11-18 15:29:56
[sorry for the earlier format-boo-boo]

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com 
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Dave 
Crocker
Sent: donderdag 18 november 2004 22:33
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: Electronic Frontier Foundation 
(EFF) Article On Anti-Spam Technologies Mentions SPF


If the bounce address is used, it is because the destination
address is problematic.

A problematic destination address is only one of many possible
reasons why a message cannot be delivered (perm error). You
only describe problems at the RCPT TO: phase. Your message may
be rejected long before that (and, in case of your spoofed
envelope-from, which started this thread, it actually was).

That is something that the rfc2822.author and/or rfc2822.sender
need to know.

Nah.

I cite the 2822.from because it is the 'virtual' 2822.sender, when
sender==from. The simple way to say this is that the bounce is set
by the 2822.sender. Always. It has nothing at all to do with any of
the intermediate MTAs.

I think you got it backwards. The 'return-path' (envelope-from) has
everything to do with intermediate MTAs, and *nothing* with the
"rfc2822.author". That is, the envelope-from is used for
inter-MTA communication, and may, in format and domain, even vastly
differ from the "rfc2822.author" found in the headers at the DATA phase.
SRS, for one, is based on that principle. And it is SRS, for one, which
makes forwarding possible under SPF, using a 'local' MAIL FROM domain of
the sending MTA, so as to obtain an SPF "pass" on the receiving end.

Technically, it is not even necessary to 'expose' the envelope-from to
the recipient at all. In practise, though, this almost always happens,
as the receiving MTA sticks in a "Return-Path" header, or adds a
"(envelope-from: )" line in the Received: header it adds. So that LDAs,
and tools like SA, can examine the envelope-from too.

- Mark 
 
        System Administrator Asarian-host.org
 
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx


<Prev in Thread] Current Thread [Next in Thread>