spf-discuss
[Top] [All Lists]

Re: Re: Email Forwarder's Protocol ( EFP )

2005-03-01 00:11:44
"Chris Haynes" <chris(_at_)harvington(_dot_)org(_dot_)uk> writes:

The SMTP process delivers the original mail to the original recipient address'
mail box.  As far as that address is concerned, the SMTP process has done its
job; the mail has been successfully delivered.

But now that mail box has a mechanism which takes the original content (I'm
chosing my words very carefully here) and initiates a new message-sending
process using a _new_ RcptTo address; the forwarding address. It initiates a 
new
SMTP sending request.

Suppose that the mechanism uses the _original_  MailFrom address.

What is happening is that an intermediary which has no authority from the
mailFrom entity is sending a message to a recipient address which is unknown 
to
the mailFrom entity. The mailFrom entity cannot be held accountable for 
sending
the message (<i>any</i> message - see below) to that new address.

The intermediary is committing forgery (or fraud, or lying or whatever 
euphamism
you wish to use).  It is asking the SMTP system to transmit something to an
address, and falsely claiming the authority of the mailFrom entity for that
transmission.

Not only that, but the original sender does not want to receive a DSN
from the 'forwarded to' address. If the mail was sent to
user(_at_)example(_dot_)com, a (non-delivery) DSN from another ISP saying that
delivery to some.user failed is often of not much help to the
sender. These DSNs often give no indication of the original recipient,
they just say "while talking to xxxxxx" which makes it difficult for
the sender to determine which email has failed to be delivered. It
would be much more sensible if the forwarder handled the DSNs and
re-wrote them to send back to the sender giving no information about
the account to which the mail was forwarded (except maybe to say that
forwarding was attempted). This would also give more 'privacy' to the
recipient as it would not expose their (potentially transient) other
email addresses.