It's a catch-22. MTAs send DSNs to the envelope sender, but SPF mandates that
the envelope sender change.

Four solutions (from easiest to most difficult):
1. SRS.
2. Store instead of forward.
3. Forwarder whitelisting.
4. Alter DSN/return-path behavior.

RFC 2821 really botches up this whole return-path business.

RFC 2821 return-path behavior:
1. Delete return-path headers.
2. Create a return-path header if you think you should.
3. Delete return-path headers.
4. Create a return-path header.

This makes no sense to me, whatever. It's like you put a letter in the mailbox
and when the mailman picks it up, he erases the return address. Then, an
intermediate post office writes a return address. Then, the destination post
office erases the return address and then writes one. Then, when a delivery
failure occurs, the letter is sent back to an intermediate post office instead
of the original sender.

I think fixing this behavior is the best solution, albeit the most difficult. MTAs
should send DSNs to the return-path and the return-path header should be
created by the originating MUA. The MSA may alter the return-path according to
local policy. Subsequent MTAs/MDAs should preserve the return-path header
already in place. Wow, that'll never happen.
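
The first option in the list above, SRS, sketched as an added example; it is not part of the original post and not any SRS library's code. It shows a forwarder failing SPF with the unchanged envelope sender, passing after rewriting, and mapping a returned DSN back to the original sender. The simplified address layout and HMAC construction, the secret, the domains, the IPs and the `SPF` table are all constructed assumptions.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-secret"  # forwarder's private key (constructed)
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
# Constructed stand-in for published SPF records: domain -> permitted sending IPs
SPF = {"example.org": {"192.0.2.10"}, "forwarder.example": {"198.51.100.5"}}

def spf_pass(envelope_sender, client_ip):
    """Toy SPF check: is client_ip permitted for the envelope sender's domain?"""
    return client_ip in SPF.get(envelope_sender.rsplit("@", 1)[-1].lower(), set())

def _day(now):
    """Day counter modulo 1024, so the timestamp fits in two base32 characters."""
    return int((time.time() if now is None else now) // 86400) % 1024

def _tag(stamp, domain, local):
    """Truncated HMAC binding timestamp and original address to this forwarder.
    Fields are '='-delimited so field boundaries cannot be shifted by a forger."""
    msg = f"{stamp}={domain}={local}".lower().encode()
    return base64.b64encode(hmac.new(SECRET, msg, hashlib.sha1).digest())[:4]

def srs_forward(sender, forwarder_domain, now=None):
    """Rewrite the envelope sender into the forwarder's own domain."""
    local, domain = sender.rsplit("@", 1)
    day = _day(now)
    stamp = B32[day >> 5] + B32[day & 31]
    tag = _tag(stamp, domain, local).decode()
    return f"SRS0={tag}={stamp}={domain}={local}@{forwarder_domain}"

def srs_reverse(rcpt, now=None, max_age_days=21):
    """Map a DSN recipient back to the original sender; None if forged or stale."""
    fields = rcpt.rsplit("@", 1)[0].split("=", 4)
    if len(fields) != 5 or fields[0].upper() != "SRS0":
        return None
    _, tag, stamp, domain, local = fields
    # Verify before trusting any field; an unsigned reverse map is an open relay.
    if not hmac.compare_digest(tag.encode(), _tag(stamp, domain, local)):
        return None
    stamp = stamp.upper()
    age = (_day(now) - (B32.index(stamp[0]) * 32 + B32.index(stamp[1]))) % 1024
    return f"{local}@{domain}" if age <= max_age_days else None
```

The HMAC and the age limit are what keep the forwarder from relaying bounces to arbitrary addresses: only rewritten senders it issued recently are reversed.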