spf-discuss

Re: Forwarding is spoofing Was: Electronic Frontier Foundation (EFF) Article On Anti-Spam Technologies Mentions SPF

2004-11-22 09:36:40
In <1101139515(_dot_)8191(_dot_)7510(_dot_)camel(_at_)hades(_dot_)cambridge(_dot_)redhat(_dot_)com> David Woodhouse <dwmw2(_at_)infradead(_dot_)org> writes:

On Mon, 2004-11-22 at 16:53 +0100, Alex van den Bogaerdt wrote:
Here's my opinion:

When my domain sends a message to a third party, this third party should
not use my domain name when it decides to forward the message. If it
needs to forward the message, it should generate a new message, either
copying the content or attaching the original message, and use its own
envelope to send that new message.
[...]
Too many people when challenged just declare that it's their _right_ to
make such bizarre requirements retroactively, without actually bothering
to explain their thought process.

There are answers to this problem which don't require the world to
'upgrade' to match your idea of how things should be. What's your
problem with those?

I don't know of any proposal that doesn't require most of the world to
upgrade.  Despite that, I like several proposals besides SPF to help
stop email forgery.


A year ago, I would have strongly agreed that the forwarding problem
was going to be a big deal.  Now, having collected quite a bit of data
from the T-FWL and other sources, I have come to the conclusion that
there is a heck of a lot less forwarding going on than I thought.  As
a result, I'm almost to the point of saying that even if forwarding
solutions like SRS didn't exist, SPF adoption (with -all) would happen
anyway.


The evidence I have is that breaking mailing lists is MUCH more
serious of a problem than breaking forwarding.  Most other solutions
break at least some mailing lists.


Forwarders who care about their messages being delivered will
implement SRS.  Users who care about receiving their forwarded email
will either use a forwarder that implements SRS, or whitelist their
forwarders.  Forwarders and their users that don't care about their
messages being delivered don't have to do anything.


-wayne


