-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of David
Woodhouse
Sent: maandag 22 november 2004 13:01
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Sendmail white paper
On Sat, 2004-11-20 at 16:40 +0000, Mark wrote:
Regardless of whether they be right, though, I do not want
some major ISP going over its logs one day, and say, "Hmm,
we seem to be getting a lot of spoofs from Asarian-host (read:
SPF "fail"); let's block this guy." I, for one, make sure that
*everything* which comes from my relay will SPF "pass". SRS
ensures that.
That's actually more likely to happen the other way round, I'd expect.
If they're getting mail they don't _want_ from you and you aren't
performing SRS, then they _may_ be silly enough just to block the SPF
failures.
Alternatively, if you've vouched for everything you pass through by
giving it an SPF 'pass' in your own domain, when it may not
have had an SPF pass in the first place, perhaps _then_ they'll block
your domain.
If it had an SPF "fail" when I first received it, I will not forward
it either, of course.
By doing SRS you are vouching for mail which you're forwarding. Do you
really want to do that?
"vouching" is a laden term. SPF vouches for nothing, except that a message
with an SPF "pass" is authorized to come from the connecting IP address.
It is not an endorsement of content.
All forwards are inherently risky, as you are 'relaying' mail which did
not originate from you. SRS does not make that more dangerous; nor less,
for that matter. By preventing a spoof, what SRS does, at least, even if
the forward were a spam, is not adding insult to injury.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx