spf-discuss
[Top] [All Lists]

Re: Re: Email Forwarder's Protocol ( EFP )

2005-02-27 17:25:25
On Sun, Feb 27, 2005 at 10:59:05AM -0700, David MacQuigg wrote:

Crocker's explanation of current email architecture doesn't deal 
specifically with questions of forgery, but it is clear from the above 
definition of the MailFrom identity, that this identity must be preserved 
by each Relay from Source to Destination.  That's where I am seeing the 
vulnerability of SPF.  Is it not possible for a Relay to insert whatever 
identity it wants the Recipient to think is the original MailFrom identity?

Please show where this explanation states that forwarders
are indeed relays and not, say, a user process.

Hint: I'm referring to section 4.2

"... and closing or expanding the user communication loop, by
initiating replies and forwarding new messages."

New message -> new source to new destination -> new RFC8221 MailFrom

I'm interested to see if, and where, this document would allow
to retain MailFrom when RcptTo changes (apart from internal
rewriting of RcptTo perhaps)

Alex