On Sun, Feb 27, 2005 at 10:59:05AM -0700, David MacQuigg wrote:
Crocker's explanation of current email architecture doesn't deal
specifically with questions of forgery, but it is clear from the above
definition of the MailFrom identity, that this identity must be preserved
by each Relay from Source to Destination. That's where I am seeing the
vulnerability of SPF. Is it not possible for a Relay to insert whatever
identity it wants the Recipient to think is the original MailFrom identity?
Please show where this explanation states that forwarders
are indeed relays and not, say, a user process.
Hint: I'm referring to section 4.2
"... and closing or expanding the user communication loop, by
initiating replies and forwarding new messages."
New message -> new source to new destination -> new RFC8221 MailFrom
I'm interested to see if, and where, this document would allow
to retain MailFrom when RcptTo changes (apart from internal
rewriting of RcptTo perhaps)
Alex