spf-discuss
[Top] [All Lists]

Re: Re: RFC 2821 and responsibility for forwarding

2004-12-07 19:23:10

----- Original Message ----- From: "Alex van den Bogaerdt" <alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Tuesday, December 07, 2004 8:35 AM
Subject: Re: [spf-discuss] Re: RFC 2821 and responsibility for forwarding


On Tue, Dec 07, 2004 at 08:01:54AM -0500, Nico Kadel-Garcia wrote:

>I already explained that I do not expect nor want a bounce from
>you3.  I may not even be able to communicate (for _whatever_ reason)
>with you3.

And Alex, you're a nice guy, but you're just plain weird. In almost all
such cases people want to know about the bounce ASAP, because it means
their email didn't get through. They don't care much whether the bounce is
at the forwarding SMTP server or the final target SMTP server.

So, please describe to me how a server in China should hand me
the bounce when I decided to block all of the address space in
China that I know of.  I don't send messages there, I can't receive
bounces from there.

Then you're screwed by your own aggressive policy.

Your point is that I want to know delivery failed.  I don't get
to know about this.

If the final target SMTP server returns the message to the forwarding
SMTP server, and if the forwarding SMTP server returns the message to
me, all is well.

Which is what SRS and SES do, quite correctly. I was under the impression that you did *not* want the bounce handed back and wanted to leave it as the problem of the forwarding host, because it's the problem of the forwarder. It seems that you're leading right to the position I was suggesting.

I send mail to "you(_at_)yourhouse".
Someone at yourhouse decides to resubmit the message to "you(_at_)otherplace"
The postoffice responsible for otherplace cannot deliver the message.
The postoffice at otherplace will initiate a return to sender.

So far, so good.

The returned mail will most likely take a similar route (if not the
same route) back to me.  That's exactly what I'm proposing all the
time.

Nope. It's not likely *at all* to take the same route, unless the forwarding address is within the same post office's delivery area as the address you sent to. If the person being forwarded to has moved even one town away, the route will differ.

The returned mail will be delivered to me by my local postal service,
by someone familiair to me, by an entity I recognize.  It won't be
handed over to me by whatever service it was that tried delivery to
otherplace.

Sure it will. It's the same Post Office company, if you're going to use the word "service" this way.

Until now, your analogy supports my proposal very well. Thank you for
that.

Nope. You've really got it backwards.

Now we're going to mix in a bit of fraud (compare this to viruses and
spam).  I've sent a couple of letters to you.  You want to reply to my
letters but you do not want to pay for it.  So, what do you do? You
tell the postoffice this letter should be forwarded to your new address.
The postoffice accepts it, tries to deliver it, fails, "returns" the
letter to me, I accept the "bounce" and start reading your reply.

Nice, we can commit fraud because of a friendly postal system.

Nope. Someone has to pay to send it in the first place, so the fiscal fraud you mention isn't possible. A weird fraud where you think you sent the letter and open the "bounced" message is possible. That's what happens with the bounces from email worms, and it's exactly what SPF is designed to help prevent or block.

Repeat.  Repeat again.  At some moment, more and more people start
this kind of fraud.  You can bet your **** that the postal system
will not accept messages for forwarding anymore, despite several
people complaining about the change.  It simply would not be allowed
anymore and both black hats and white hats suffer from this.

No, they simply make it a felony to use a fraudulent sender address. And it is, in fact, a felony, at least in the US. The federal government takes mail fraud very, very seriously.

There is another method to forward the mail:

1) I send to you(_at_)yourhouse
2) someone(_at_)yourhouse sticks my letter in another envelope
3) someone(_at_)yourhouse sends the letter to you(_at_)otherplace
4) otherplace cannot be reached
5) postal service returns letter to someone(_at_)yourhouse
6) envelope is opened, my letter is found
7) someone(_at_)yourhouse returns letter to me

Of course, "someone(_at_)yourhouse" equals 
"postmaster(_at_)yourdomain(_dot_)tld"

Again, your analogy supports my proposal.

No, that's SRS and SES. It's fairly common to do in the postal world when someone gathers up your mail once a week and passes it along personally, but it needs to be automated for broad usage.

<Prev in Thread] Current Thread [Next in Thread>