At 02:12 AM 2/26/2005 +0100, you wrote:
On Fri, Feb 25, 2005 at 05:49:31PM -0700, David MacQuigg wrote:
> We can then use the Received: headers for the bounce path instead of
> bouncing directly to the forged Return-Path:. If the mail is legit,
> sending it back along the bounce path will get it to the same place as the
> Return-Path. If its a forgery, the bounces will stop where they
should, at
> the forger's domain, and not bother anyone at the forged Return-Path.
>
> So to make SPF work with forwarders, we don't need any new headers, just a
> few more words in an existing, widely accepted header, and an agreement on
> how forwarders should handle bounces.
>
> Am I missing something?
You cannot assume you can connect to a host that connected to you.
And no, not being able to connect back is no indication of forgery.
It doesn't have to be the same host. If I get a spam forwarded from
pobox.com, and I bounce it to postmaster(_at_)pobox(_dot_)com, it gets to the right place.
-- Dave