spf-discuss
[Top] [All Lists]

RE: Re: SPF implementations

2005-08-13 12:23:49
From: Seth Goodman [mailto:sethg(_at_)GoodmanAssociates(_dot_)com]
Sent: Saturday, August 13, 2005 2:04 PM

<...>

People using "redirect" or "bounce" forwarding keep the From:
header and add their own address as the Sender: header.

In the fine tradition of responding to one's own posts, let me clarify this
a bit.  While some people think it is appropriate to keep the return-path
intact on "redirect" forwards, I do not agree with this.  The idea,
according to proponents of that practice, is that the message should have
gone to someone else in the first place, so the original sender should get
any bounces.  I disagree with that for the following reasons.  Let's say the
redirecting sender makes a typo in one of the new To: addresses, or uses a
dead address.  The original sender did _not_ send the message to those
additional recipients, even though they perhaps should have, so will be
confused by the bounce from a party to whom they did not send the message.
In either case of misspelling or dead account, it is the redirecting sender
who is in a position to fix the problem, not the original sender.  Since
bounces don't always have the complete headers intact, it may not be
possible for the original sender to figure out who redirected their message.

The solution is for redirecting senders to use their own return-path.  This
will not only prevent an SPF failure on reception, it will also cause the
return-path and the most recent originator header to be in agreement, as
they should be.

--

Seth Goodman


<Prev in Thread] Current Thread [Next in Thread>