spf-discuss

Re: [spf-discuss] The problems with SPF

2005-08-26 15:41:44
How does the UDP call-back work? My mail hubs (which is where the MX records point) don't know about any users. They only know they can relay for domains specified in their configuration file, so they can't verify valid users. Also, I didn't know that Sendmail responded to UDP requests... My firewall certainly doesn't allow it.

I receive e-mail via a set of inbound-only hubs and send e-mail for other servers. The servers that the users interact with and that know who is a valid user are different servers and don't interact directly with the Internet (some send directly, others send via the outgoing hubs). Wouldn't the call-back break here if the inbound hubs can't truly validate the users?

Seth Goodman wrote:
From: Julian Mehnle [mailto:julian(_at_)mehnle(_dot_)net]
Sent: Friday, August 26, 2005 10:03 AM


<...>

I predict that forwarding without sender rewriting will die and SPF (or
an equivalent technology) will succeed, because, overall, authenticity of sender addresses simply is much more important to users than forwarding without sender rewriting, which can (from users' perspective) be easily substituted by forwarding _with_ sender rewriting.


It doesn't have to be a choice of forwarding with rewriting vs. no forwarding.  
There _are_ techniques for delivering forwards without rewriting the 
return-path.  One such method is SES.  The return-path stays the same 
throughout message transport and uses a UDP callback mechanism to validate the 
return-path.  In the SPF context, it is only necessary to do this callback when 
the other SPF mechanisms do not match, i.e. a non-SRS forwarder.  The 
advantages are that it does not require the cooperation of any intermediate 
forwarders, and the recipient does not need a forwarding whitelist.  Signing 
mail with an SES return-path does not break legacy applications, so it can be 
phased in.  You also get the ability to reject forged bounces before data as a 
side benefit.

I'm sure there are other ways to accomplish this, but this is at least one 
workable method.


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
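The quoted reply describes a signed return-path (SES) that survives non-SRS forwarding unchanged and is validated by a callback to the signing site, which also lets the receiving MTA reject forged bounces before DATA. The following is an added illustration, not code from the thread, from SES, or from any SPF implementation: the address format (`ses=<day>=<mac>=<local>@<domain>`), the seven-day window, the truncated base32 HMAC-SHA256 tag and the shared key are all assumptions of this example, not the real SES encoding. The UDP transport is omitted; `validate_return_path` is the check the callback responder would run, and it needs only the signing key, not a list of valid users.

```python
import base64
import hashlib
import hmac
import re
import time

# Constructed example key. In a deployment this secret is shared between the
# outbound signer and the host that answers validation callbacks.
SECRET_KEY = b"example-shared-secret"
VALIDITY_DAYS = 7          # assumed window; bounces older than this are rejected
TAG = "ses"                # assumed prefix marking a signed local part
SECONDS_PER_DAY = 86400


def _mac(local, domain, day, key):
    """Truncated base32 HMAC over (day, original address); hypothetical format."""
    msg = f"{day}:{local}@{domain}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.b32encode(digest)[:16].decode().lower()


def sign_return_path(local, domain, key=SECRET_KEY, now=None):
    """Rewrite alice@example.org into a signed return-path on outbound mail."""
    ts = now if now is not None else time.time()
    day = int(ts // SECONDS_PER_DAY)
    return f"{TAG}={day}={_mac(local, domain, day, key)}={local}@{domain}"


# base32 alphabet is A-Z2-7, so the MAC can never contain '=' or '@'.
PATTERN = re.compile(rf"^{TAG}=(\d+)=([a-z2-7]+)=([^@]+)@([^@]+)$")


def validate_return_path(addr, key=SECRET_KEY, now=None):
    """The check a callback responder performs. Returns (ok, reason_or_original)."""
    m = PATTERN.match(addr)
    if not m:
        return False, "not a signed address"
    day_s, mac, local, domain = m.groups()
    day = int(day_s)
    ts = now if now is not None else time.time()
    today = int(ts // SECONDS_PER_DAY)
    if not 0 <= today - day <= VALIDITY_DAYS:
        return False, "outside validity window"
    expected = _mac(local, domain, day, key)
    if not hmac.compare_digest(mac, expected):
        return False, "bad signature"
    return True, f"{local}@{domain}"


def decide_bounce(mail_from, rcpt_to, key=SECRET_KEY, now=None):
    """Decision an inbound hub can take at RCPT TO, before DATA.

    Only null-sender (bounce) messages are judged here; anything else falls
    through to normal SPF handling of the MAIL FROM.
    """
    if mail_from != "":
        return "accept"
    ok, _ = validate_return_path(rcpt_to, key=key, now=now)
    return "accept" if ok else "reject"


if __name__ == "__main__":
    signed = sign_return_path("alice", "example.org")
    print("signed return-path:", signed)
    print("validate:", validate_return_path(signed))
    print("forged bounce:", decide_bounce("", "alice@example.org"))
    print("genuine bounce:", decide_bounce("", signed))
```

Because the tag binds the day and the original address under a key the inbound hubs hold, a forwarder may pass the message on untouched and a bounce arriving days later at a different hub is still verifiable, while a bounce to a plain, unsigned address is refused without ever reading the message body.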