spf-discuss

Re: Explain please (Was: SPF Stats)

2005-07-06 09:32:03

David Woodhouse wrote:
> On Wed, 2005-07-06 at 11:56 -0400, Terry Fielder wrote:
>
>> Nor does the admin at [the receiving site] need to know.  The
>> [forwarding site], and needs to ensure the forwarder forwards without forgery
>
> I see no RFC definition of this 'forgery' of which you speak, and of
> which Alex raves so hotly. It's purely an invention, to work around the
> brokenness of SPF.
>
> What if I were suddenly to claim that my name may not be used in the
> From: header of mail coming from anywhere but my own servers, and I
> cried that the mailing list's use of my name was 'forgery'?
>
> Surely you would all just laugh at me? Why then do you expect your own
> cries of 'forgery' to be taken seriously by all forwarding hosts in the
> world?
>
> This 'forgery' of which you speak is normal behaviour and has been for
> years. By expecting it to change you are tilting at windmills. Using
> emotive words to describe standard behaviour doesn't change that fact.

One last try:
If I get an e-mail from example.org fraudulently claiming to originate
from example.com that is forgery. That is what SPF is specifically
created to prevent.

If I get an e-mail from example.net that is a legitimate forward from
example.com that claims to be directly from example.com I cannot tell
the difference between the legitimate message and the above forgery.

Dilemma: do I accept the forgery, or reject the legitimate message?

Further consideration: I have to decide this as quickly and cheaply
as possible, and stay within RFC compliance as well.

Simply put, the reason that SPF breaks the forwarding you love so
much is because it is indistinguishable from the forgery that SPF
specifically exists to prevent.

This is not a breakage of SPF, it is a natural consequence of the
situation, and ANY general solution to the problem of e-mail source
forgery is going to require changes on the part of forwarders. It is
simply unavoidable as long as forwarding is done using a technique
that is indistinguishable from forgery.

--
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        
(952)941-6580x203
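
Added example (not part of the original message, and not code from any SPF implementation): a simplified evaluator that handles only ip4 and -all terms, run over the three situations the message describes. The policies, the documentation-range addresses, and the rewritten forwarder address are constructed for illustration; rewriting the envelope sender is assumed here as one possible change on the forwarder's part.

```python
import ipaddress

# Constructed SPF policies (documentation address ranges); only the ip4 and
# "-all" terms are modelled, which is all this illustration needs.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.net": "v=spf1 ip4:198.51.100.0/24 -all",
}

def spf_check(client_ip, mail_from):
    """Evaluate the MAIL FROM domain's policy against the connecting IP."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:]):
            return "pass"
        if term == "-all":
            return "fail"
    return "neutral"

def receiver_view():
    """What the final receiver learns in each of the three situations."""
    return {
        # a host at example.org forging a sender at example.com
        "forgery": spf_check("203.0.113.7", "alice@example.com"),
        # example.net forwarding and leaving the envelope sender untouched
        "plain_forward": spf_check("198.51.100.25", "alice@example.com"),
        # example.net forwarding under its own domain (hypothetical address)
        "rewritten_forward": spf_check("198.51.100.25", "fwd-alice@example.net"),
    }

if __name__ == "__main__":
    for case, result in receiver_view().items():
        print(f"{case:18} {result}")
```

The forgery and the unmodified forward produce the same result at the receiver, which has only the connecting address and the envelope sender to go on; only the forward sent under the forwarder's own domain is distinguishable.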

