spf-discuss
[Top] [All Lists]

RE: Sendmail white paper

2004-11-24 02:35:34
Hi,

I'm not sure what definition of 'broken' you use when you say that
'naïve forwarding is broken'. SPF breaks it, yes. But it wasn't broken
before SPF. It was fine. 

Naive forwarding is most definatly broken.

I often post to people and get a bounce from some server because they set
their mailbox up to forward the mail to another box and they have exceeded
their quota. It gets worse, there are some systems out there that take POP3
multidrop mail and reinsert it into the net as if it came from me at their
host, so it gets sent to some guy who doesn?t know me because the forwarding
system is busted, and he accuses me of spamming. Great, you sign up to my
mailing list, forward the mail to someone, and I get accused of being the
spammer.

For this reason ftgate.com publishes a -all. If you want to forward mail
from our domain to another location then you had better make sure that the
forwarding system uses its own envelope address and doesn?t impersonate us.
If you forward my message then you are sending a new message and you MUST
not pretend that you are me, that is spoofing, in the real world its called
impersonation and you get locked away for it.

This also allows users of SPF to know that if the message passes SPF then it
really did come from us and isnt spam, or a zombie virus.

As the domain owner, the -all states that noone will send email from my
domain without it going through my servers. This is clear concise and to the
point. IF I want to allow any tom, dick or Harry to forward the mail and
pretend to be me I publish ?all. As the domain owner it is my decision.

Regards

Richard Bang
Floosietek Ltd
richard(_at_)ftgate(_dot_)com
http://www.floosietek.com



<Prev in Thread] Current Thread [Next in Thread>