At 11:34 PM 2/26/2005 +0100, Frank wrote:
Classic SPF supporters don't believe in Dave's "bounces-to"
concept and prefer the original STD 10 "originator" concept:
| Once the transmission channel is established, the SMTP-sender
| sends a MAIL command indicating the sender of the mail.
The key idea is that we MUST avoid sending bounces to a forged
address. Return-Path is usually forged in a spam. Even with IP
authentication at each hop, reliance on the Return-Path requires a chain of
trust with no broken links from the sender to the receiver.
That's one hell of a difference between STD 10 and the
email-arch-02 ideas. (Most probably Dave sticks to his
"bounces-to" idea in draft 03, I haven't checked it yet).
I think you are confusing me with Dave Crocker, who wrote
http://www.ietf.org/internet-drafts/draft-crocker-email-arch-03.txt
- Internet Mail Architecture. DC's document isn't a proposal for any
protocol, but a clarification of email terminology and an explanation of
the way things are. It cleared up a lot of confusion for me. I highly
recommend it as a framework for any discussion of email protocols. DC's
figures 3 and 5 are what I started with in making my sketches of "spam
flows" at http://www.ece.arizona.edu/~edatools/etc/Spam%20Flows.txt
The suggestion of using a different path for Bounces vs Delivery Status
Notices is mine, although I'm sure someone has thought of it before. It
seems like there is no way to avoid the problems with Return-Path
forgery. I would like to see DSNs also go the Bounce path, but that would
probably break too much with existing practice. Either way there is less
harm in sending DSNs to a forged Return-Path than in sending Bounces to the
Return-Path. The latter should never have been done. Not only does it
spam the Return-Path, but it rewards spammers with a 2 for 1 hit.
Note: Bounce (with a capital B) is my device to distinguish Bounces from
DSNs (and MDNs, which we haven't even talked about yet). I think in DC's
diagram, a bounce (as it is done now) would be a rude form of DSN. :>)
-- Dave MacQuigg
*************************************************************
* David MacQuigg, PhD          email: dmq'at'gci-net.com    *
* IC Design Engineer           phone: USA 520-721-4583      *
* Analog Design Methodologies                               *
*                              9320 East Mikelyn Lane       *
* VRS Consulting, P.C.         Tucson, Arizona 85710        *
*************************************************************