Hi !!
just some thoughts on how to resolve the forwarding problem without
having to wait for everybody to use SRS:
- Each SPF enabled domain should add a header on every outgoing
  message with the email address of the recipient, i.e.:
      SPF-Original-Recipient: joe(_at_)foo(_dot_)bar
- Receivers doing SPF checks, if that header is present, should
  interpret it this way:
  - if the email in that header is equal to the envelope recipient
    then the message has not been forwarded and neutral/softfail
    could be considered just fail (see problems)
  - if it is not equal then the message has been forwarded and the
    SPF result should not be reinterpreted. Anyway it could be easy
    to maintain a database relating envelope recipients and original
    recipients so the system or the final recipient could know if the
    email comes or not from a trusted forwarder (assuming that each
    user has a limited set of redirections to his address and that he
    knows all of them)
Problems:
- converting from softfail/neutral to fail is dangerous, it would
  help to define a result (either neutral, softfail or a new one)
  that means "this message does not come from an authorized server,
  no other servers could send email from that domain but due to the
  forwarding problem I cannot give a fail result"
- when spam comes with no SPF-Original-Recipient: header there is no
  way to know if the original domain servers had added it. It will help
  to define a mechanism/extension so publishers could let us know if
  they always add that header or not (so messages without that header
  could just be bounced)
- the only way to overcome this for a spammer is to know the forwarding
  chain for a specific user, this is not impossible but improbable and
  at the end will only allow to spam just one user
--
Best regards ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david(_at_)ols(_dot_)es
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
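
The receiver-side rules proposed in this message, written out as an added example (not part of the original post and not code from any SPF implementation). The `known_forwards` table, the `publisher_always_adds` flag (a stand-in for the publisher signal the post asks for, which the page does not define), the handling of duplicate headers and the sample addresses other than joe@foo.bar are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

HEADER = "SPF-Original-Recipient"   # header name proposed in the post
WEAK = {"neutral", "softfail"}      # results the post suggests tightening

def normalize(addr):
    """Bare address with the domain lower-cased (local part left as is)."""
    local, _, domain = parseaddr(addr)[1].rpartition("@")
    return f"{local}@{domain.lower()}"

def reinterpret(raw_msg, envelope_rcpt, spf_result, known_forwards,
                publisher_always_adds=False):
    """Return (result, note) after applying the proposed receiver rules.

    known_forwards: envelope recipient -> set of original recipients the
    user has redirected to that mailbox (hypothetical local database).
    publisher_always_adds: hypothetical flag standing in for the
    publisher signal the post asks for; no such extension is defined.
    """
    if spf_result not in WEAK:
        return spf_result, "unchanged"
    values = message_from_string(raw_msg).get_all(HEADER) or []
    if not values:
        if publisher_always_adds:
            return "fail", "header missing, publisher always adds it"
        return spf_result, "header missing"
    if len(values) > 1:          # assumption: ambiguous, do not tighten
        return spf_result, "multiple headers"
    original, rcpt = normalize(values[0]), normalize(envelope_rcpt)
    if original == rcpt:         # not forwarded: weak result becomes fail
        return "fail", "not forwarded"
    trusted = original in {normalize(a) for a in known_forwards.get(rcpt, ())}
    return spf_result, ("trusted forwarder" if trusted else "unknown forwarder")

# Constructed sample message and forwarding table.
SAMPLE = (
    "From: alice@example.org\n"
    "To: joe@foo.bar\n"
    "SPF-Original-Recipient: joe@foo.bar\n"
    "Subject: hello\n\nbody\n"
)
FORWARDS = {"joe@inbox.example": {"joe@foo.bar"}}

if __name__ == "__main__":
    print(reinterpret(SAMPLE, "joe@foo.bar", "softfail", FORWARDS))
    print(reinterpret(SAMPLE, "joe@inbox.example", "softfail", FORWARDS))
```
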
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/