On Tue, 10 May 2005, Scott Kitterman wrote:
What I would have done differently is to place more emphasis on
administrators needing to control their e-mail infrastructure. At all
points in an e-mail's transmission, onward routing is either under the
control of the sender or the receiver. The point where control transfers is
the one and only one point where SPF checks can and should be done.
At that point, the transmitting MTA should be described in the sender's SPF
record and the receiving MTA can reliably check it. From that point on,
there is some kind of ongoing relationship and trust.
Whether a forwarder re-writes Mail-From as a convenience to the next
receiving MTA or the next receiving MTA whitelists that forwarder is not
material to the question of trust (WRT forgery). SRS, local whitelist,
trusted-forwarder.org, or some combination, it doesn't matter. This point
about checking at the spot where responsibility shifts has been discussed,
but doesn't seem to be crystal clear.
Well said.
I wish the FAQ at spf.pobox.com didn't say,
"Does SPF break forwarding? Yes."
Instead, it ought to say,
"Does forwarding change the way you check SPF? Yes."
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.