spf-discuss

RE: Sendmail white paper

2004-11-23 06:28:32
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Mark
Sent: Tuesday, November 23, 2004 7:31 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Sendmail white paper


-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of
David Woodhouse
Sent: Tuesday, 23 November 2004 11:30
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Sendmail white paper

On Mon, 2004-11-22 at 20:40 +0000, Mark wrote:

When you put it like that, it sounds like it is "my" decision; but it
is really that of the domain owner. I take it an admin who adds
"-all" SPF records is sufficiently confident about the manner in which
mail for his domain is going to be relayed.

You directly contradict what Scott Kitterman says. He says it's OK to
publish '-all' because sites whose users may forward mail to its final
destination there (i.e. most ISPs) should know not to check SPF.

Not doing SPF checks for mail that is going to be forwarded is just
passing the phishing buck to the next hop. It could be a policy; it is
not mine, however.

SPF is about the legitimacy of a relay. You cannot pass a "neutral",
"pass", or "unknown" to the next hop, as the forwarder introduces his
own relay, with his own SPF records. Therefore, looking at it from the
perspective of the relay, the SPF record of the incoming relay is really
irrelevant with regard to forwarding (except when the incoming mail
"fails" to begin with).

But you say that you should check SPF because sites whose users may
_send_ mail to users who forward mail should know not to publish SPF.

No; I am saying forwarders should do SRS. :)

In practice it's impossible for most large sites to know
either whether they'll send mail to a forwarding address, or whether
they'll receive mail which is forwarded. Thus, one should neither
publish nor obey '-all' records, yet each of you seems to be blaming
the other end for the problem.

The forwarding "problem" is as old as SPF. In practice, however, when I
do SRS, the problem is as good as solved. Because forwarding, via, say,
a .forward file, is rarely a multiple-hop thing. Theoretically, yes, the
mail I forward could hit another .forward, at the receiving machine; so
it could be an A -> B -> C -> D thing. Of course. But that would be
silly, because a common-sense user wanting his mail forwarded, should
just use A -> C -> D, where I am C (cutting out B). And if I, as C, do
SRS, then things work. And, in practice, without the cooperation of the
entire world.


I think the example should be: A -> B -> C -> D would in common sense be
A -> B -> D (drop C, not B, because B is the email address on his
business card/website/whatever), but Mark's point is correct in my view.

Terry Fielder
Manager Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
terry(_at_)greatgulfhomes(_dot_)com
Fax: (416) 441-9085

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
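
The A -> C -> D case discussed in this thread, as an added illustration that is not part of the original messages: final hop D checks SPF on mail that forwarder C relays for a sender at A publishing "-all", first with the envelope sender unchanged and then with C rewriting it. Assumptions: the domains, IP addresses and key are constructed, the SPF evaluator handles only `ip4` and `all`, and the rewritten address is a simplified SRS0-style layout (hex HMAC tag, fixed timestamp field) that is not interoperable with real SRS implementations.

```python
import hashlib, hmac, ipaddress

# Constructed SPF records on documentation address ranges; not real DNS data.
SPF = {
    "a.example": "v=spf1 ip4:192.0.2.0/24 -all",     # original sender A
    "c.example": "v=spf1 ip4:198.51.100.0/24 -all",  # forwarder C
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, mail_from):
    """Evaluate the MAIL FROM domain's record (ip4 and all mechanisms only)."""
    record = SPF.get(mail_from.rsplit("@", 1)[1].lower())
    if record is None:
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULT[qualifier]
        if mech.startswith("ip4:"):
            if ipaddress.ip_address(client_ip) in ipaddress.ip_network(mech[4:]):
                return RESULT[qualifier]
    return "neutral"

def _tag(secret, stamp, domain, local):
    mac = hmac.new(secret, f"{stamp}={domain}={local}".encode(), hashlib.sha1)
    return mac.hexdigest()[:4]

def srs_forward(mail_from, forwarder_domain, secret, stamp="AB"):
    """Rewrite the envelope sender into the forwarder's own domain."""
    local, domain = mail_from.rsplit("@", 1)
    tag = _tag(secret, stamp, domain, local)
    return f"SRS0={tag}={stamp}={domain}={local}@{forwarder_domain}"

def srs_reverse(srs_address, secret):
    """Recover the original sender for bounces; reject forged tags."""
    prefix, tag, stamp, domain, local = srs_address.rsplit("@", 1)[0].split("=", 4)
    if prefix != "SRS0" or not hmac.compare_digest(tag, _tag(secret, stamp, domain, local)):
        raise ValueError("not a valid SRS0 address for this forwarder")
    return f"{local}@{domain}"

def forward_via_c(use_srs, secret=b"constructed-demo-key"):
    """What D sees when C (198.51.100.7) forwards mail from alice@a.example."""
    sender = "alice@a.example"
    if use_srs:
        sender = srs_forward(sender, "c.example", secret)
    return check_spf("198.51.100.7", sender)

if __name__ == "__main__":
    print("plain forward:", forward_via_c(False))  # fail
    print("with SRS:     ", forward_via_c(True))   # pass
```

The keyed tag is what lets C accept a bounce addressed to the rewritten sender and route it back to A without becoming an open relay for arbitrary `SRS0=` addresses.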
