spf-discuss

RE: Sendmail white paper

2004-11-22 06:23:23
On Mon, 2004-11-22 at 12:51 +0000, Mark wrote:
> If it had an SPF "fail" when I first received it, I will not forward
> it either, of course.

So you throw away mail which is potentially valid, which may have been
forwarded by a forwarder which doesn't do SRS.

What about incoming mail with SPF 'unknown'? Do you do SRS on that?
There's usually absolutely no need for you to do so -- if you forward it
intact, it's likely to still be 'unknown'.

> "vouching" is a laden term. SPF vouches for nothing, except that a message
> with an SPF "pass" is authorized to come from the connecting IP address.
> It is not an endorsement of content.

The only way SPF is actually useful in the real world is if it's
accompanied by some kind of reputation system so that people can know
that mail from 'alwaysspams.com' is bad and mail from 'neverspams.com'
is good. Vouching for mail is precisely what you're doing.

> All forwards are inherently risky, as you are 'relaying' mail which did
> not originate from you. SRS does not make that more dangerous; nor less,
> for that matter. By preventing a spoof, what SRS does, at least, even if
> the forward were a spam, is not adding insult to injury.

Compare and contrast with a real end-to-end system where the 'vouching'
is done by the original sender and remains intact through multiple hops.

-- 
dwmw2
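
The SPF outcomes argued over in this message, as an added example that is not part of the original post: a reduced SPF evaluator showing what the next hop sees when a forwarder relays the envelope sender intact versus rewriting it SRS-style. The domains, addresses, key, and the simplified SRS0 hash and timestamp encoding are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress

# Constructed SPF policies (documentation domains and address ranges, not real data).
# "nospf.example" deliberately publishes no record.
POLICIES = {
    "sender.example": ["ip4:192.0.2.0/24", "-all"],
    "forwarder.example": ["ip4:198.51.100.0/24", "-all"],
}

def spf_check(mail_from, client_ip):
    """Reduced SPF: only ip4 mechanisms and a trailing -all are understood."""
    domain = mail_from.rsplit("@", 1)[1]
    policy = POLICIES.get(domain)
    if policy is None:
        return "none"  # no record published; the thread calls this 'unknown'
    ip = ipaddress.ip_address(client_ip)
    for term in policy:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:]):
            return "pass"
        if term == "-all":
            return "fail"
    return "neutral"

def srs_forward(mail_from, forwarder, secret, day):
    """SRS0-style layout: SRS0=hash=timestamp=orig-domain=local@forwarder.
    Hash and timestamp encoding are simplified for illustration."""
    local, domain = mail_from.rsplit("@", 1)
    ts = str(day)
    mac = hmac.new(secret, f"{ts}{domain}{local}".encode(), hashlib.sha1)
    return f"SRS0={mac.hexdigest()[:4]}={ts}={domain}={local}@{forwarder}"

def next_hop_results(mail_from, forwarder_ip, secret=b"constructed-key"):
    """SPF result at the hop after the forwarder: (sender intact, sender rewritten)."""
    intact = spf_check(mail_from, forwarder_ip)
    rewritten = srs_forward(mail_from, "forwarder.example", secret, 328)
    return intact, spf_check(rewritten, forwarder_ip)

if __name__ == "__main__":
    # Domain with a strict policy: intact forwarding fails, SRS passes.
    print(next_hop_results("alice@sender.example", "198.51.100.7"))
    # Domain with no policy: intact stays 'none', SRS turns it into a pass
    # for the forwarder's own domain.
    print(next_hop_results("bob@nospf.example", "198.51.100.7"))
```

In the second case the pass is earned by forwarder.example rather than by the original sender's domain, which is the point about who ends up vouching for the mail.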

