
Re: Sendmail white paper

2004-11-24 04:26:18
On Wed, 2004-11-24 at 10:59 +0000, Chris Haynes wrote:
> "David Woodhouse" asserted yet again:
>
> > With DomainKeys? Forwarding to D doesn't fail, because the message is
> > signed to prove that it came from you. Spoofing fails, but normal
> > operation of the Internet continues just fine.
>
> But David, DomainKeys does not stop forgery.  Forgers can still send forged
> 'plain' messages claiming to come from the originator. Recipients have no way
> of knowing that the originator only ever uses DK.

That's an omission in the current DK draft which does need to be
rectified. In IIM it's published in the DNS. You know that the address
in question will _always_ sign mail, so you can reject anything which
doesn't bear a valid signature.

> SPF is about detecting forged envelopes.
>
> Forwarding involves forgery.
>
> It might be claimed that it is 'benign' forgery, because it provides a useful
> service.
>
> But the kind of forwarding we are discussing is done at the behest of the
> recipient, not of the sender.

No, it's at the behest of the forwarder.

> It is the sender's mail-from address which is being abused / forged without
> her knowledge / permission.
>
> Logically you must be taking one of the following four positions:
>
> 1) That forwarding does not involve forgery and SMTP abuse,

I agree with this.

> 2) That forwarding involves forgery and abuse, but is benign and therefore
>      should be tolerated within SPF,

I disagree with this. Forwarding of mail is no more 'forgery and abuse'
than routing of IP packets is forgery, or delivering of snail mail with
its original return address is forgery when it actually came via the
local post office. That's just the way the world works.

> 3) That all mail-from forgery should be permitted, and therefore SPF
>     should not exist,

I do not believe that all mail-from forgery should be permitted. Only
mail which truly does originate from a given address should be able to
use that address. Forwarding is fine -- that's just normal transit
through the system.

> 4) That SMTP should be re-designed to accommodate forwarding.

SMTP doesn't need to be re-designed to accommodate forwarding;
forwarding works just fine. Did you mean that SPF should be re-designed?
If so then perhaps yes I do agree. Or did you mean that SMTP should be
re-designed to accommodate SPF? Then no, I don't think that's necessary
because we can fix the problem without a re-design.

We _can_ change SMTP if we really really need to. The closing of open
relays was an example of this. But we had almost universal agreement on
that. You'll see a porcine implementation of RFC1149 before you see that
level of agreement on the need to deploy SRS or otherwise 'fix'
forwarding.

The problem with SRS is not just that it's too complicated and difficult
to deploy; it's that it's not _necessary_. If you can fix the problem
_without_ changing the world, why on earth would you not do so? You're
tilting at windmills.

Forwarding is common practice. Unless we actually _need_ to change that,
there's no point in us trying to do so. There are plenty of ways we can
address the problem of _real_ forgery, without trying to get the world
to change to accommodate us.

-- 
dwmw2
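The three mechanisms argued over in this thread can be modelled side by side: an SPF-style check of the connecting IP against the envelope sender's domain, a DomainKeys/IIM-style signature over the headers and body with a published "always signs" policy, and SRS rewriting of the envelope sender at a forwarder. The code below is an added illustration written for this archive page; it is not code from the list, from Sendmail, or from any of the drafts. Domains, IPs and keys are constructed, the "DNS" is a dictionary, and HMAC stands in for the RSA signatures the real specifications use. It shows why an unchanged forwarded message keeps a valid signature but fails SPF, how SRS makes the SPF check pass again, and how a published signing policy lets a receiver reject an unsigned "plain" forgery.

```python
"""Simplified model of SPF, DomainKeys/IIM policy, and SRS (added example)."""
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for DNS: SPF-style allowed IPs, signing key, and an
# IIM-style signing policy for each domain.
DNS = {
    "example.org": {
        "spf_ips": {"192.0.2.10"},
        "dk_key": b"example.org-constructed-key",
        "policy": "always-signs",  # unsigned mail claiming this domain is bogus
    },
    "forwarder.example": {
        "spf_ips": {"198.51.100.5"},
        "dk_key": b"forwarder-constructed-key",
        "policy": "may-sign",
    },
}
SRS_SECRET = b"forwarder-srs-constructed-secret"  # constructed; real SRS uses its own key


@dataclass
class Message:
    mail_from: str                        # envelope sender (what SPF checks)
    from_hdr: str                         # From: header (what the signature covers)
    body: str
    signature: Optional[str] = None
    signing_domain: Optional[str] = None


def _canon(msg: Message) -> bytes:
    # The signed content is header + body; the envelope is deliberately excluded,
    # which is why a plain forward does not invalidate the signature.
    return f"From: {msg.from_hdr}\r\n\r\n{msg.body}".encode()


def sign(msg: Message, domain: str) -> Message:
    msg.signature = hmac.new(DNS[domain]["dk_key"], _canon(msg), hashlib.sha256).hexdigest()
    msg.signing_domain = domain
    return msg


def spf_check(msg: Message, client_ip: str) -> str:
    """'pass' if the connecting IP is listed for the envelope sender's domain."""
    rec = DNS.get(msg.mail_from.split("@", 1)[1])
    if rec is None:
        return "none"
    return "pass" if client_ip in rec["spf_ips"] else "fail"


def dk_check(msg: Message) -> str:
    """Verify the signature against the From: domain, applying its published policy."""
    from_domain = msg.from_hdr.split("@", 1)[1]
    rec = DNS.get(from_domain)
    if rec is None:
        return "none"
    if msg.signature is None:
        # The IIM point from the thread: a policy in DNS lets the receiver reject
        # unsigned mail from a domain that always signs.
        return "reject" if rec["policy"] == "always-signs" else "unsigned"
    if msg.signing_domain != from_domain:
        return "fail"
    expected = hmac.new(rec["dk_key"], _canon(msg), hashlib.sha256).hexdigest()
    return "pass" if hmac.compare_digest(expected, msg.signature) else "fail"


def srs_rewrite(msg: Message, forwarder: str, timestamp: str = "TT") -> Message:
    """Rewrite the envelope sender into SRS0 form so SPF is checked against the forwarder."""
    local, domain = msg.mail_from.split("@", 1)
    h = hmac.new(SRS_SECRET, f"{timestamp}{domain}{local}".encode(), hashlib.sha256).hexdigest()[:4]
    msg.mail_from = f"SRS0={h}={timestamp}={domain}={local}@{forwarder}"
    return msg


def scenarios() -> dict:
    """Run the cases discussed in the thread; returns {name: (spf_result, dk_result)}."""
    def alice(body="hello"):
        return Message("alice@example.org", "alice@example.org", body)

    out = {}
    direct = sign(alice(), "example.org")
    out["direct"] = (spf_check(direct, "192.0.2.10"), dk_check(direct))
    # Forwarder relays the message unchanged from its own IP: signature survives, SPF fails.
    fwd = sign(alice(), "example.org")
    out["forwarded"] = (spf_check(fwd, "198.51.100.5"), dk_check(fwd))
    # Same forwarder, but the envelope sender is rewritten with SRS.
    srs = srs_rewrite(sign(alice(), "example.org"), "forwarder.example")
    out["forwarded_srs"] = (spf_check(srs, "198.51.100.5"), dk_check(srs))
    # Forger sends an unsigned 'plain' message claiming to be alice (constructed IP).
    forged = alice("pay me")
    out["forged_plain"] = (spf_check(forged, "203.0.113.7"), dk_check(forged))
    # Forger signs with a key for a different domain than the From: header claims.
    forged_signed = sign(alice("pay me"), "forwarder.example")
    out["forged_signed_elsewhere"] = (spf_check(forged_signed, "198.51.100.5"), dk_check(forged_signed))
    return out


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:24s} spf={result[0]:5s} dk={result[1]}")
```

The "forwarded" case is the disagreement in a nutshell: the message is unchanged, so the signature still verifies, while the envelope check fails because the forwarder's IP is not in the originator's record. The "forwarded_srs" case shows what SRS buys at the cost of every forwarder deploying it, and the two forged cases show what a published signing policy buys without any change at forwarders.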

