spf-discuss

RE: Re: RFC 2821 and responsibility for forwarding

2004-12-07 07:01:29
 
] On Behalf Of william(at)elan.net
Sent: 07 December 2004 12:43

That is good in theory but
 1. There is no redirect to different server command in SMTP right now

551 is supposed only to be used to say you won't accept because you should
try a different address (RFC2821). So it is currently available, just not
widely implemented.

 2. Some people do not want to tell what address they are actually using
    (they expose to the world their external forwarding address but may
     want to keep their internal address hidden and spam-free and use it
     only to communicate with their close friends)

Then there is no point in bouncing the message back to me. A->B->C and C is
private, but if it bounces you send a message to A saying C is full/offline
whatever. So you have no privacy anyway.
Shot down this one. I spam B it goes to B which bounces from C and back to
A. I the spammer now have the address of C because the MTA at B put it in
the notification. There is no privacy through obscurity. If you want to keep
private then you get a POP3 mailbox at B and make sure it never fills up.

 3. In some cases we may have situation A->(B->C)->F where B & C are on
    the same network and B is network gateway and C is real mail server
    which knows where to redirect mail to. So during A->B session B
    can not tell if mail needs to be redirected, nor can it tell A to
    contact C because C is behind firewall, but once email got to B
    it does not make any difference if B sends mail to F or if C does,
    both of those are not on the origin network and would fail SPF.

Bad design of (b->c). You should not accept mail and then bounce it
internally. In this case if C is behind a firewall so is F, so F should have
C on its relay whitelist.  Unless you are suggesting that both sides of the
firewall are connected to the internet :)

I didn't say that there would be no requirement to change. We have ISPs who
implement 3 and have asked for a solution which allows bouncing/forwarding
at B. We are working to give them that. 

The point is that there is a solution and SPF would over time force users to
use that solution. If you are a forwarder and you don't implement 551 then
some of the mail you send will bounce. Over time you will either implement
551 or lose customers.

Open relays were wonderful, but abused, so they are being closed. Simple
cheap forwarding is wonderful, but being abused, so it has to be closed.

Of course, you could always reinject the mail using the sender at B rather
than A in which case SPF will always pass and you are a happy bunny.

Richard.
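
The three outcomes discussed in this message (plain forwarding, reinjecting with a sender at B, and a 551 redirect), as an added example that is not part of the original post. The domains, IP addresses and SPF records are constructed, and the evaluator is a deliberately minimal one that understands only `ip4` and `all`:

```python
import ipaddress
import re

# Constructed sample data: .example domains and RFC 5737 documentation ranges.
SPF_RECORDS = {
    "a.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "b.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(client_ip, mail_from):
    """Minimal SPF evaluation: only ip4 mechanisms and 'all' are handled."""
    domain = mail_from.rsplit("@", 1)[1]
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            matched = mech == "all"
        if matched:
            return RESULTS[qualifier]
    return "neutral"

def parse_551(reply):
    """Return the forward-path from an RFC 2821 551 reply, or None."""
    m = re.match(r"551[ -].*<([^<>\s]+@[^<>\s]+)>", reply)
    return m.group(1) if m else None

def scenarios():
    a_ip, b_ip = "192.0.2.10", "198.51.100.25"
    sender_a, sender_b = "alice@a.example", "forwarder@b.example"
    new_rcpt = parse_551("551 User not local; please try <carol@f.example>")
    return {
        # B forwards to F but keeps A's envelope sender: F sees B's IP.
        "plain_forward": spf_check(b_ip, sender_a),
        # B reinjects the mail with its own envelope sender.
        "reinject_as_b": spf_check(b_ip, sender_b),
        # B answers 551; A resends to the new address from its own IP.
        "after_551": (new_rcpt, spf_check(a_ip, sender_a)),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```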


