spf-discuss

Re: Sendmail white paper

2005-01-11 09:38:30
Hannah Schroeter wrote:


In Germany, when I ask to have my mail redirected after moving, letters
flow like this:

1) original letter. On the envelope, it's stated
   Sender: Some Name
           Some Road 42
           12345 Some Town

And here is the weakness. Say I want to get mail to "Some Name" and I don't
want it to appear to be from me. I put this down as the Sender and proceed below:

   Recipient: Hannah Schroeter
              Old Road 17
              54321 Old Town

2) The letter is posted and directed to the distribution site for zip
   code 54321. There, the redirection (forwarding) list is checked and
   they find, oh, this is forwarded to New Road 15, 23456 New Town.
   They cross the old recipient address and write the new one on it
   (or use some sticky label for that purpose).

   Note that they do *not* replace the Sender, nor hide it!

So you are preserving the forged, unauthenticated sender from the first step.

3) The letter is re-posted and directed to zip code 23456. There the
   local distributor puts it into my new mailbox in New Road 15.

So snail mail forwarding, in Germany, works exactly like legacy .forward
style email forwarding, no sender rewriting involved!

This is because sender forgery is NOT a major problem in snail mail,
and where it is there are civil and criminal laws to allow redress for the forged sender.

You do not get joejobs of some poor mom-and-pop grocery being inundated with
millions of postcards all claiming to be from them but sent to bogus addresses because it would cost too much. In e-mail you get exactly that, because the incremental cost of
sending e-mails for spammers is NIL.

Worse, the millions of e-mail postcards come "postage due".

And no one accuses the mail distribution service in Old Town of forgery.

As it's still a letter from Some Name, reachable at Some Road 42 in Some
Town, to me. And *not* a letter from me, Old Road 17..., to me New Road
15... And *not* a letter from (garbled pseudo-name), (garbled
pseudo-street), 54321 Old Town to me. *That* would in fact be
misrepresenting the authorship.

And btw., if for some reason my address in New Road 15, 23456 New Town
isn't reachable, yes, the original sender, Some Name, comes to receive
the return. Yes.

Only if they are indeed the original sender.

This is a problem with e-mail that has no analog with snail mail because the costs in e-mail are shifted differently. This is _why_ we need SPF, and why SRS or better
is needed if you want to support forwarding.

--
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        
(952)941-6580x203
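
An added illustration of the closing point, not part of the original message or of any SPF/SRS implementation: a toy SPF check shows .forward-style forwarding failing at the final hop, and a simplified SRS0-style rewrite shows the forwarder taking responsibility for the envelope sender while bounces still return only for addresses it signed. The domains, IP addresses, secret, fixed timestamp and truncated hash are constructed assumptions.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-forwarder-secret"  # assumption: forwarder's private key
FORWARDER = "old-town.example"            # hypothetical forwarding domain

# Constructed stand-in for published SPF records: domain -> permitted sending IPs.
SPF = {
    "some-town.example": {"192.0.2.10"},
    "old-town.example": {"198.51.100.7"},
}

def spf_check(envelope_from, client_ip):
    """Toy SPF: pass only if client_ip is listed for the envelope sender's domain."""
    domain = envelope_from.rsplit("@", 1)[1]
    return "pass" if client_ip in SPF.get(domain, set()) else "fail"

def _tag(ts, domain, local):
    # Short keyed hash binding timestamp, original domain and local part.
    msg = f"{ts}={domain}={local}".lower().encode()
    mac = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:4]

def srs_forward(envelope_from, ts="AB"):
    """Rewrite user@domain to SRS0=hash=ts=domain=user@forwarder (ts is fixed here)."""
    local, domain = envelope_from.rsplit("@", 1)
    return f"SRS0={_tag(ts, domain, local)}={ts}={domain}={local}@{FORWARDER}"

def srs_reverse(bounce_to):
    """Return the original sender for a bounce, or None if the hash does not verify."""
    local = bounce_to.rsplit("@", 1)[0]
    if not local.startswith("SRS0="):
        return None
    try:
        tag, ts, domain, orig_local = local[5:].split("=", 3)
    except ValueError:
        return None
    expected = _tag(ts, domain, orig_local)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return f"{orig_local}@{domain}"
```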

