spf-discuss
[Top] [All Lists]

Re: Re: Email Forwarder's Protocol ( EFP )

2005-02-28 15:04:22


Mark wrote:
Yes, it does; pobox.com should just simply not have accepted your bogus
amazon.com MAIL FROM address. Amazon publishes with "-all", and you're
not listed as an authorized relay for them.

As for the (sour) irony of pobox.com, the inventers of SPF, allowing you
this gross bogocity, well, suffice to say it raises a few eyebrows over
here. :) But it has nothing to do with the functionality of SPF itself,
and even less with SRS. In fact, with SPF switched "on", you would have
been halted at the very first MAIL FROM.

This super-awsomely-fantastic. you guys are really hitting on all cylinders, bringing up all the important problems. I've been meaning to raise some hell over this issue too ;)

I would like to suggest that pobox.com and any other forwarder or secondary MX should not accept for delivery to a relayed recipient based on pobox.com's local policy.

This "fail == reject" is a matter of local policy. In this case, pobox.com should have consulted with the final recipient to see if it is willing to accept a message with failing SPF check.

I thought SPF's mission is just to tell if the message is authentic or not, but not suggest any disposition, be it to accept or to reject.

In any case, a definitive answer cannot be given until after RCPT TO:, unless the site does no forwarding at all, in which case, an answer can be given at MAIL FROM:

We don't currently have a mechanism for this as far as I know.

Radu.

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

Attachment: radu.vcf
Description: Vcard