spf-discuss

Re: Re: forwardmaster autoresponder

2005-04-27 06:50:42
Frank Ellermann wrote:
> Radu Hociung wrote:
>
>> I propose an alternative method, the "forwardmaster" method.
>
> "Automatical per-user forwarder white lists", good idea.
> IMHO better than trusted-forwarder.org or op=trusted.
>
> Minor nits:  If a forwarder publishes a sender policy it
> doesn't guarantee that it actually checks SPF.  For Meng's
> op=trusted idea I've added some overhead for forwarders
> who are also MSAs (RfC 2476), but probably you don't need
> any of these ideas for your concept.

As I mentioned, the user will see the full effects if his forwarder does
not do SPF. Indeed, if the forwarder does not even do basic spam filtering,
the user will see that effect too.

This is an issue that the user has to resolve with the forwarder, either
by getting them to publish SPF and do spam filtering, or by switching to
a different forwarder.

In any case, it is not the local domain's problem.


> What you probably need is to identify forwarders by
> their HELO and IP against SPF or CSV or a "forwardmaster"
> list of hardwired IPs (worst case).

No, that's not at all what is needed.

What _is_ needed is that the receiving MTA evaluate the pair of
(incoming IP address, "forwarded account" as MAIL-FROM) for an SPF verdict.

Example: mail-from sender(_at_)hotmail(_dot_)com sends email to rcpt-to
account(_at_)forwarders(_dot_)com which forwards to rcpt-to
recipient(_at_)example(_dot_)com.

When the connection arrives from 1.1.1.1 (the outgoing MTA of
forwarders.com) with a mail-from sender(_at_)hotmail(_dot_)com, the MTA at
example.com will do the following checks:

1. 1.1.1.1 and sender(_at_)hotmail(_dot_)com against SPF record @ hotmail.com
2. 1.1.1.1 and account(_at_)forwarders(_dot_)com against SPF record @ forwarders.com

The first check will yield "SPF fail", and the second will succeed with
"SPF pass" or "SPF none", given that recipient(_at_)example(_dot_)com had
previously informed forwarmaster(_at_)example(_dot_)com to expect mail for him
via account(_at_)forwarders(_dot_)com.

Radu.
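
The two checks described in the message above, as an added example that is not part of the original post or of any SPF implementation. The SPF records, the `FORWARDERS` registry and the function names are constructed for illustration; the SPF evaluator models only `ip4:` and `all`, and running the second check only after the first returns "fail" is an assumption.

```python
import ipaddress

# Constructed SPF records; a real MTA would fetch these from DNS TXT.
SPF_RECORDS = {
    "hotmail.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "forwarders.com": "v=spf1 ip4:1.1.1.1 -all",
}

# Hypothetical per-recipient registry, filled in when a local user tells
# the forwardmaster address which forwarded accounts deliver to him.
FORWARDERS = {"recipient@example.com": ["account@forwarders.com"]}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(ip, mailbox, records=SPF_RECORDS):
    """Simplified SPF verdict for (ip, mailbox): ip4 and all only."""
    domain = mailbox.rsplit("@", 1)[1].lower()
    record = records.get(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(mech[4:], strict=False)
        else:
            matched = mech == "all"  # other mechanisms are not modelled
        if matched:
            return RESULTS[qualifier]
    return "neutral"


def evaluate(ip, mail_from, rcpt_to):
    """Return (verdict, identity the verdict was computed for)."""
    first = spf_check(ip, mail_from)  # check 1: IP against MAIL FROM
    if first != "fail":
        return first, mail_from
    # Check 2: same IP against each forwarded account this recipient
    # registered. "none" is accepted because the post accepts it.
    for account in FORWARDERS.get(rcpt_to.lower(), []):
        second = spf_check(ip, account)
        if second in ("pass", "none"):
            return second, account
    return "fail", mail_from
```

Because the registry is keyed by recipient, a forwarder registered by one user does not rescue a failing message addressed to another local user.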
