spf-discuss

Re: Re: The state of draft-schlitt-spf-classic-00 within the IETF

2005-02-24 20:03:10
On Thu, 24 Feb 2005, David MacQuigg wrote:

7.2  The Received-SPF header

    It is RECOMMENDED that SMTP receivers record the result of SPF
    processing in the message headers.

Why only RECOMMENDED?  It seems like this will be a MUST for 
forwarders.  How else can they convey the results of their authentication
downstream?  Where is there any discussion of procedures for forwarding 
email, like how bounces should be handled?

If a forwarder rejects SPF fail, then Received-SPF is not absolutely
necessary for a forwarder - they don't need to convey the results 
downstream.  Bounces are handled the way they always have been.

Several concrete options have been provided for forwarders with
varying degrees of change required and transparency to end recipients.
In all cases the forwarder should check SPF and reject spf FAIL
before forwarding.

1) do nothing.  The recipient whitelists the forwarder.  Since envelope
   is unchanged, bounces go to the sender prior to the forwarder.
2) do one of several SRS flavors.  The recipient doesn't need
   to treat the forwarder specially.  Bounces go to the forwarder,
   then to the prior sender.

In neither case does the recipient do anything special with bounces.
They simply go to the return path (MAIL FROM) as always.

If the forwarder for some inscrutable reason decides not to check SPF
(e.g. pobox.com), then the recipient can still recover by using the
last Received header (presumably the forwarder can be trusted to get 
that much right) and doing SPF themselves.  This is, of course,
not at all transparent and a huge pain for the recipient (especially
if the forwarder does SRS without doing SPF since the SRS must
now be unwrapped) and they would be advised to use a different forwarder.
However, SpamAssassin is capable of doing "after the fact" SPF using
the Received header from a trusted forwarder.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
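
The "after the fact" recovery described in the message above, as an added example that is not part of the original post: it pulls the client IP and HELO from the Received header written by a trusted forwarder, unwraps an SRS0 return path, and returns the triple an SPF checker would need. All host names, addresses and the message are constructed; it assumes a single hop on the recipient side and does not verify the SRS hash.

```python
import email
import ipaddress
import re

# Constructed sample: top Received is our own MX, the second was added by the forwarder.
SAMPLE = """\
Return-Path: <SRS0=Xy1z=4K=example.org=alice@forwarder.example.net>
Received: from mx.forwarder.example.net (mx.forwarder.example.net [198.51.100.7])
\tby mail.recipient.example (Postfix) with ESMTP id 1234
\tfor <bob@recipient.example>; Thu, 24 Feb 2005 20:03:10 -0500
Received: from out.example.org (out.example.org [192.0.2.25])
\tby mx.forwarder.example.net with ESMTP id abcd
\tfor <bob@forwarder.example.net>; Thu, 24 Feb 2005 20:03:05 -0500
From: alice@example.org
Subject: constructed test message

body
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^()\[\]]*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)
SRS0_RE = re.compile(r"^SRS0[=+-][^=]+=[^=]+=(?P<domain>[^=]+)=(?P<local>.+)$", re.I)

def unwrap_srs0(addr):
    """Recover the original sender from an SRS0 address (hash is NOT verified)."""
    local = addr.rpartition("@")[0]
    m = SRS0_RE.match(local)
    return f"{m['local']}@{m['domain']}" if m else addr

def spf_inputs(raw, forwarder_host, forwarder_ips):
    """Return (ip, helo, mail_from) as seen by the trusted forwarder, or None."""
    msg = email.message_from_string(raw)
    hops = [RECEIVED_RE.search(h) for h in msg.get_all("Received", [])]  # newest first
    if len(hops) < 2 or not hops[0] or not hops[1]:
        return None
    # Our own MX must have seen the forwarder connect; otherwise the header that
    # claims to be the forwarder's could have been forged by the sender.
    if hops[0]["ip"] not in forwarder_ips or hops[1]["by"].lower() != forwarder_host:
        return None
    ip = str(ipaddress.ip_address(hops[1]["ip"]))  # raises on a malformed literal
    sender = unwrap_srs0((msg.get("Return-Path") or "").strip().strip("<>"))
    return ip, hops[1]["helo"], sender
```

The returned triple is what would be handed to an SPF implementation in place of the live connection's values.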