At 04:27 AM 2/27/2005 +0000, Mark wrote:
> Dave wrote:
> >
> > The validity of the Return-Path depends on a fragile chain of
> > trust all the way back to the Source.
>
> Return-Path correlates to the reverse-path (MAIL FROM entity).
>
> > If even one Relay is compromised, the Return-Path may be forged.
>
> A forwarder doing SRS does not forge Return-Path; it just gets set along
> the way, appropriately, to his new SRS address.

What is to prevent a forger from altering a Return-Path at some Relay along
the way?

[snip]

> > I think we are in agreement on the necessity to not send
> > Bounces to the wrong domain. The key question is whether we
> > can trust the Return-Path after it has been through so many Relays.
>
> Any and all information not added by your own MTA is inherently
> untrustworthy, unless the message was digitally signed. Which is why I
> believe checks against MAIL FROM entities are really best done at MAIL
> FROM.
>
> Overall, I feel that an MUA sending a bounce is actually acting 'out of
> line' a bit. If his MTA has accepted the message, and made final delivery,
> then the MUA should not try and second-guess that decision, and
> start sending out bounces of its own.

The recipient is the best judge of what is spam. Quick and automatic
feedback from Recipients is vital. Recipients want, and the mail system
can benefit from, Recipients having a "Reject as Spam" button. These
Bounces must not be sent to forged addresses. The Return-Path is easily
forged. I can't see any way to prevent that, even with SRS. Therefore, we
need a better way to route Bounces.
-- Dave
************************************************************* *
* David MacQuigg, PhD * email: dmq'at'gci-net.com * *
* IC Design Engineer * phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* * 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. * Tucson, Arizona 85710 *
************************************************************* *
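
The following is an added example, not part of the original thread or written by either participant. It sketches the rule discussed above (trust only headers your own MTA added, and do not send a bounce to an address that cannot be verified) as a check a delivery agent could run. The hostname `mx.example.net`, the single-hop layout, the use of a `Received-SPF` header written at MAIL FROM time, and the sample message are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

MY_MTA = "mx.example.net"  # assumption: name our border MTA stamps into headers

# Constructed sample. Headers are prepended in transit, so only the lines down
# to the first Received line were written by our MTA; the rest is upstream claims.
SAMPLE = """\
Return-Path: <alice@example.org>
Received-SPF: pass (mx.example.net: domain of alice@example.org designates 192.0.2.10 as permitted sender) receiver=mx.example.net; client-ip=192.0.2.10
Received: from relay.example.org (relay.example.org [192.0.2.10]) by mx.example.net with ESMTP; Sun, 27 Feb 2005 04:30:00 +0000
Received-SPF: pass (upstream claim, not ours) receiver=relay.example.com
Return-Path: <victim@example.com>
Received: from unknown (HELO x) by relay.example.org; Sun, 27 Feb 2005 04:29:00 +0000
From: "Alice" <alice@example.org>
Subject: constructed test message

body
"""

def trusted_headers(msg):
    """Return the (name, value) pairs our own MTA prepended, or [] if unverifiable."""
    block = []
    for name, value in msg.items():
        block.append((name.lower(), " ".join(value.split())))
        if name.lower() == "received":
            # The topmost Received line must have been stamped by our MTA.
            return block if f" by {MY_MTA} " in block[-1][1] + " " else []
    return []

def bounce_target(raw):
    """Address a reject notice may be sent to, or None when it cannot be trusted."""
    hdrs = trusted_headers(message_from_string(raw))
    paths = [v for n, v in hdrs if n == "return-path"]
    spf = [v for n, v in hdrs if n == "received-spf"]
    if len(paths) != 1 or len(spf) != 1:
        return None  # missing or duplicated inside our own block: do not guess
    result = spf[0].split(None, 1)[0].lower()
    if result != "pass" or f"receiver={MY_MTA}" not in spf[0]:
        return None  # MAIL FROM was not verified by us at SMTP time
    return parseaddr(paths[0])[1] or None  # empty reverse-path <> is never bounced to
```
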
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/