spf-discuss

Re: SPF Forwarding Scenario

2005-04-11 11:11:48
On Mon, 11 Apr 2005, Commerco WebMaster wrote:

> No, the original machines do not relay from untrusted sources - as you
> pointed out, that would be an open relay and obviously a very bad thing for
> the server operator.

Then you don't have a problem.

> and misuse by identity theft.  If that is still true, then how exactly can
> an SPF publisher announce that they do not forward beyond their SPF PASS
> servers, such that the final receiving SPF aware MTA can discover this and
> both block the message before it is sent to the end recipient and block
> sending the bounce back to the original sender whose information was
> fraudulently added to the message header?

Forwarding is not something that senders do.  It is something that
receivers do.  Yes, it is possible for receivers to configure forwarders
in such a way that email to the forwarded address can be forged.  There
are many other ways in which receivers can fail to implement SPF
properly as well.  If a receiver must allow forgeries via a non-SPF
checking forwarder for legacy support purposes, hopefully they will 
also not treat such mail as SPF checked (which it isn't).

Your job as a sender is to publish via SPF which MTA you as a sender use
to send mail.  Any forwarding set up by receivers is not your responsibility.
Indeed, there is nothing you can do about it.  Forwarders are essentially
an outsourced part of the receiver's mail network - just as your SMTP
servers are an outsourced part of your sending mail network.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
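
Added example, not part of the original post: a sketch of the receiver-side handling described above, where mail arriving from a forwarder the receiver set up is recorded as not SPF checked unless the forwarder did the check itself. The domain, addresses, `TRUSTED_FORWARDERS`, the function names and the idea of a forwarder passing its own result along are assumptions made for illustration, and only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed sample data: documentation domains and address ranges only.
SPF_RECORDS = {"sender.example": "v=spf1 ip4:192.0.2.0/24 -all"}
# Hypothetical receiver-side setting: forwarders the receiver itself set up.
TRUSTED_FORWARDERS = [ipaddress.ip_network("198.51.100.25/32")]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip):
    """Evaluate the ip4 and all mechanisms (a subset of SPF) for client_ip."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qual]
        elif term == "all":
            return QUALIFIERS[qual]
    return "neutral"


def receiver_verdict(mail_from_domain, client_ip, forwarder_spf_result=None):
    """Decide what the final receiving MTA records for one SMTP connection.

    forwarder_spf_result is what a trusted forwarder reported for its own
    inbound check, or None if the forwarder does no SPF checking.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_FORWARDERS):
        # The forwarder is part of the receiver's own mail network, so its
        # address says nothing about the sender's published policy.
        return forwarder_spf_result or "not-checked"
    return spf_check(mail_from_domain, client_ip)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7", "198.51.100.25"):
        print(ip, receiver_verdict("sender.example", ip))
```

Running a plain `spf_check` against the forwarder's address returns `fail` for legitimate forwarded mail, which is why the forwarder has to be handled on the receiver's side rather than in the sender's record.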

