spf-discuss
[Top] [All Lists]

Re: Forwading/Redirecting: The problem as I see it....

2005-07-06 09:36:36
On Wed, 6 Jul 2005, David Woodhouse wrote:

You can observe that in general, #3 and #4 are both true. Very few
forwarding sites perform SRS and it's very hard to get details of all
possibly forwarding from your users, and it's even harder to turn that
into a list of IP addresses, which may change _daily_.

That is what SPF is for.  The target should list forwarding domains, not IPs.
If the forwarder publishes SPF records, the IP address list is automatic.
Even if the forwarder doesn't publish SPF, the target can feed a
best guess record like "a mx ptr ?all" into the SPF machinery.
Whitelisting via raw IP addresses is, as you say, problematic.

The main problem with fixing #3 from an end user standpoint is that many
forwarders don't publicize their sending domain.  They don't use it in MAIL
FROM (although they really should), so they don't think it matters.
It takes an astute end user to figure out what domain the forwarder
ought to be using in MAIL FROM but isn't.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.