On Sun, 5 Dec 2004, jpinkerton wrote:
Just a small comment here -
Surely a forwarder *is* a sender - he receives an e-mail and re-injects it
into the system - with various manglings of the headers according to his
whim. The re-injection of an e-mail is "sending" an e-mail - therefore he
is a sender.
That is not exactly so. Its always been a debate of SMTP experts if
forwarding is reinjecting or not and everyone is still devided. But
majority currently believe that automated forwarding does not constitute
reinjecting and forwarder is not a sender but intermediate transfer
agent. I personally decided to call such systems Mail Redirection Agents
to emphasise that they are changing course of email transmission
and its being done in automated way.
I have never understood why forwarding is such a problem - it is in the
hands of the receiver. Anyone (even me) can set up various MTA's (my ISP
maybe) to forward mail to them - and in doing so the responsibility for
ensuring that the mail is correctly sent on to the recipient falls fair
and square on the recipient. It's the recipients decision to have his
mail forwarded/resent, so it's up to him to get it right.
You're forgetting that we have large installed base of such redirection
systems and while it maybe recepient's decision to forward the email and
their responsibility, because we're changing how email works, we end up
changing what they need to be responsible for.
There seems to be a discussion point about how "friendly" we have to be to
forwarders, and *that* is perhaps the real debate here. How long do we
accomodate bad configurations of all sorts of things, and the answer is
surely simple - until those bad configurations cause the rest of the
world-at-large as serious problem.
They are not bad configurations, they are perfectly well working
configurations right now. We're asking them to change for greater
good of making email more traceable and less vulnerable to spofing
of bounce message. We did ask people to change how email works once
- that is to close open relays, and it was a big deal back then but
at least then people undertood that open relays is a security issue,
they do not see it the same way for forwarding.
Well, we now have a serious problem - it's called spam,
SPF is NOT solution to spam!
Putting accreditation and repution on SPF is at best problematic
and is not a main goal of SPF community anyway.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net