spf-discuss

Re: Explain please

2005-07-08 09:01:07
On Fri, 8 Jul 2005, David Woodhouse wrote:

> Hm. Was there not something similar which was intended to carry the
> original reverse-path in an SMTP extension, as one of the options which
> was proposed as an alternative to SRS?

I (and probably others) had proposed resurrecting source routes (currently
deprecated) as an alternative to SRS.  Without
a crypto signature, source routes are easily forged, allowing spammers
to turn forwarders into bounce spam open relays.  Still, the crypto
cookie could be included in the source route, and verified by the
forwarder to prevent this.  MTAs are all supposed to parse and ignore source
routes, so nothing would break.  However, just as many MTAs in reality
reject perfectly legal chars such as '+', so they choke when
presented with a source route.  So while theoretically, source routes are a
completely compatible way to do SRS with no localpart limits, in
practice RFC compliance is too sketchy to rely on it.

This is sad, because the most beautiful part of the solution is that
the forwarder(s) *and* the original MAIL FROM are all recorded in full.
SRS can record up to 2 forwarders, but is butt ugly and subject to
localpart limits.

You could experiment with adding source route to SRS.  Recipients
should ignore the source route, and you can still deliver bounces
using the SRS in the last leg.  But you can see how many will spit back
the source route information - making the full SRS unnecessary.
For recipients that support source routes and spit them back, you can use a
plain crypto sig (like original SES) for the last leg to prevent forged bounce
relays, and not have to worry about localpart size limits.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

