In <42A86F31(_dot_)21CA(_at_)xyzzy(_dot_)claranet(_dot_)de> Frank Ellermann
<nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> writes:
P.S.: I just got a PM with an improved "forwardmaster plan",
as far as I can tell it this should work to bypass SPF (per
user) where necessary: <http://wiki.outboundindex.net/VarA>
Unless I'm missing something, this appears to be a variation of the
"whitelist forwarders on the receiving end" (section 9.3.3.1 of the
spf-classic I-D).
I like the way April figured out how to save most of the state in the
local part of the email address, but in reality, I'm not sure that is
such a huge savings. The receiving MTA has to
<tokent>_<forwarder.tld>@receiving-isp.com to
<real-localpart>@receiving-isp.com. I'm not sure that is, in
practice, that much simplier than simply knowing that <real-localpart>
wishes to whitelist <forwarder.tld>.
BTW, I remember April's .mxout. idea also when it was posted to the
MARID list. If the rDNS identity proposals (MTAMark, etc.) were ever
really considered, I would have probably favored .mxout. over those.
(It has been over a year, I would need to review everything to be sure.)
-wayne