Re: SPF+SRS vs. BATV

On Tue, 2005-07-05 at 09:46 -0500, wayne wrote:

In 
<1120574145(_dot_)19467(_dot_)168(_dot_)camel(_at_)hades(_dot_)cambridge(_dot_)redhat(_dot_)com>
 David Woodhouse <dwmw2(_at_)infradead(_dot_)org> writes:

Right. And in general it isn't acceptable for any large mail provider to
_not_ support forwarding, and the only feasible way they can support
forwarding it to refrain from checking SPF. That's the approach which is
taken by most so far.


The number of people doing SPF checking is increasing a lot.  I've
been meaning to create a plot of the growth of the T-FWL hits, but
I've had higher priority stuff.

 <...>

So, I disagree with your opinion, but I'm sure you aren't suprised by
that.


I misspoke. The only feasible way they can support forwarding is to
refrain from rejecting mail for an SPF failure. 

Whether they _check_ SPF or not isn't really relevant -- they can check
it and make the results available in a header, or maybe just check and
investigate the accuracy of the results for their own information.

Forwarding without rewriting the 2821.MAILFROM also causes problems
with bounces because the sender will receive a bounce from some place
that they never sent email to.


That's not a _problem_ though. That's just normal operation. It's worked
that way for years.


Uh, I disagree.  That *is* a problem.  Just because it has been a
problem for many years doesn't mean that it isn't a problem.  It has
become a much worse problem in the last 5 years or so than the
previous 20 years because so much spam has spoofed identities.


No, spam with spoofed identities has nothing to do with 'problems'
caused by forwarding without changing the reverse-path. In the case of
_fake_ mail it doesn't _matter_ where I receive the bounce from --
whether the forwarder does SRS and the bounce comes back indirectly, or
whether the forwarder is just behaving normally and the bounce comes
back directly from the final recipient. I didn't actually send mail to
_either_ of them, so why would it matter where the bounce comes from?

What precisely is the problem which you think exists?

-- 
dwmw2

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Re: SPF+SRS vs. BATV, (continued) Re: Re: SPF+SRS vs. BATV, wayne Re: Re: SPF+SRS vs. BATV, David Woodhouse Re: SPF+SRS vs. BATV (was: SPF Stats), David Woodhouse Re: SPF+SRS vs. BATV (was: SPF Stats), Stuart D. Gathman Re: SPF+SRS vs. BATV (was: SPF Stats), David Woodhouse Re: SPF+SRS vs. BATV (was: SPF Stats), Stuart D. Gathman Re: SPF+SRS vs. BATV (was: SPF Stats), David Woodhouse Re: SPF+SRS vs. BATV, wayne Re: SPF+SRS vs. BATV, David Woodhouse Re: SPF+SRS vs. BATV, wayne Re: SPF+SRS vs. BATV, David Woodhouse <= Re: SPF+SRS vs. BATV, wayne Re: SPF+SRS vs. BATV, Julian Mehnle Re: SPF+SRS vs. BATV, David Woodhouse Re: SPF+SRS vs. BATV, wayne Re: SPF+SRS vs. BATV, Greg Connor Re: SPF+SRS vs. BATV, David Woodhouse Re: SPF+SRS vs. BATV, Julian Mehnle Re: SPF+SRS vs. BATV, David Woodhouse Re: SPF+SRS vs. BATV, Terry Fielder Re: SPF+SRS vs. BATV, j o a r