spf-discuss
[Top] [All Lists]

Re: [spf-discuss] DomainDNS (DD) - new free DNS services that supports SPF

2005-09-01 16:29:35
On Fri, 2 Sep 2005, Jasper Wallace wrote:

Consider gmail.com - given the huge number of vanity domains that forward
mail to gmail, how can gmail tell which mail's are legitimate and being
forwarded, and which are spoofed?

Make strict SPF checking opt-in by user.  As part of the opt-in process,
users list their forwarders.  If they have lost track, then they
can't do strict checking.  It's that simple.

The situation we have today (and will probably always have), is that
recipients will never be able to do strict spf checking, until they can be
fairly sure that the majority of forwarders re-write the return-path in some
way or another.

If they know who their forwarders are (and they signed up, and in the
case of commercial forwarders even pay a monthly bill), then they
can do strict checking.  SRS is not required.

(gmail is why i'm setting up SRS at the moment, i've got an exists: tracking
mechanisim at the end of my spf record which lets me see who's doing spf
checking on email i send. I host a few mailing lists and a number of
subscribers forward their mail to gmail, i can use this to see which
forwarders don't do srs).

SRS is a work around for mail providers like gmail that do strict SPF
checking (assuming gmail does - which your complaint implies) even though
they don't have the requistite information.

What is much more important that SRS in a forwarder for someone checking SPF
is that the forwarder also checks SPF.  It also helps if the forwarder
publishes SPF so that the recipient doesn't have to manually track
the IP addresses of their forwarder.

I agree that forwarders should also check spf, but if we can't rely on
forwarders doing srs, then we can't publish -all spf records.

You can publish -all spf records.  They are *many* ways that recipients
screw up.  Forwarding is not the senders responsibility.

Not only that, if your recipient is FUBAR and stupidly rejects your email
because of their own forwarder, the DSN will tell you what their real email is,
and you can simply update your address book.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com