spf-discuss

RE: Ignoring rejected mail?

2004-12-08 08:02:38
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of David Woodhouse
Sent: Wednesday, 8 December 2004 14:14
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Ignoring rejected mail?

On Wed, 2004-12-08 at 12:33 +0000, Mark wrote:

This has got to be your weakest argument, ever. :)

Is the official SES position now, that mail-bodies which
have been altered somehow, is mail you do not want anyway?

No, that's not what I said -- no more than the 'official SPF' position
is that mail which has been forwarded is mail you do not want anyway.

Exactly. :)

Not only is it going to be uncommon for forwarding sites to
mangle mail in a way which would break the signature,

If you're going to deny, or downplay, the use of Milters, like MIMEDefang,
that come with options which significantly alter the message, then you
could call it uncommon. In my world, however, this is way too common; and
also the reason message-signing schemes, world-wide, meet with such
moderate success: it breaks things way too often to be practical.

Also remember that the message-digest is optional anyway. You
don't have to include one -- I don't.

And as I have been replying ever since: without the digest, there is
nothing SES offers which I cannot also accomplish with a 'self-signed' SRS
address. Including call-back verification.

We've removed the need for uninterested third parties to 'upgrade' to cope
with it -- SES can be implemented if _only_ the sender and the recipient
participate;

This argument is specious, really. Because who, actually, is this
recipient? The end-MTA? Then you require at least the cooperation of the
end-MTA. So, with SES the end-MTA has to upgrade, and the middle man is
excused. With SRS, going over a .forward, only the forwarder has to
change, and the end-MTA can remain idle (because he does SPF checks on a
fully transparent SRS address, without himself having to implement SRS).

Unless I adopt your highly exaggerated scenario of people, en masse,
forwarding over multiple .forward files. Anyone with half a brain will
use, say, an alumni forwarding service to have mail forwarded to the final
recipient. So, in practice, either the middle man has to change (SRS), or
the end-MTA (SES). And with SPF, designating authorized relays, you get
the extra bonus of protecting your domain name. :)

- Mark 
 
        System Administrator Asarian-host.org
 
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

