spf-discuss

Re: Problem with SID

2005-06-23 23:45:40

On Fri, 24 Jun 2005, Graham Murray wrote:

"Roger B.A. Klorese " <rogerk(_at_)queernet(_dot_)org> writes:

If the message is MAIL FROM:<me(_at_)here(_dot_)com>, it does not become MAIL
FROM:<you(_at_)somewhere-else(_dot_)com> just because it gets passed along.
It's still mail from me(_at_)here(_dot_)com(_dot_)  It's not MAIL
BEINGINJECTEDINANSMTPSESSIONBY:.

Even that is arguable. The purpose of MAIL FROM (in RFCs 821.2821) is
as the 'bounce' address to which DSNs are sent. So, if I send mail to
you(_at_)example(_dot_)com and example.com forwards it to
someuser(_at_)bigisp(_dot_)com and it is undeliverable, I would want the
DSN to tell me that it was not delivered to you(_at_)example(_dot_)com,
not someuser(_at_)bigisp(_dot_)com(_dot_) bigisp.com
should send the DSN to example.com which should send a DSN from
you(_at_)example(_dot_)com back to me.

It is quite possible that you(_at_)example(_dot_)com might not want me to know
their 'real' email address, but if the forwarder keeps the original
MAIL FROM then this information can be exposed.

Either way it would rely on the forwarder knowing the privacy settings of
whoever the email is forwarded to. So if the forwarder changes MAIL FROM, it
would then accept bounce emails and, based on those privacy settings,
would either enter the original RCPT TO address or let the final RCPT TO
address be exposed. That means it's no different than when the forwarder
does not change MAIL FROM, except for cases where privacy settings
direct it to do it.

So forwarding without changing the MAIL FROM is broken for reasons
other than SPF.

I happen to disagree, see above. But that is not to say that I see
problems with forwarders changing MAIL FROM - if a forwarder wants to
do it and take a more direct role in bounce handling, that is fine.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net

