spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] solving the forwarding problem

2005-09-10 04:55:56
from [David] [Permanent Link] 
Hi !!


- Receivers doing SPF checks, if that header is present, should
 interpret it this way:


You are totally missing the point of checking SPF.
The message can be rejected before it is received.

>
> Nothing in the DATA part will help, there will not be a DATA part.

then you obviously cannot check any header, if you have read carefully
what i say (maybe i should explain it better) this is only for spf results neutral and softfail, where spf does not allow to bounce before 
DATA.  If you reject the message then this not aplies, if spf result is
pass there is also no forwarding problem and then this also does not
apply. For softfail and neutral you don't know if the message has been
forwarded or it's just a forgery. What i try to do here (at DATA phase)
is distinguish between forwarded and forged messages.


As is said before:  "forwarding" is a receiver problem.  The message
is received (by the forwarding party) and is resent.  The forwarder
and the next recipient will have to make sure SPF isn't checked at
that point.


you still don't know if the message has been forwarded or not, that's
why almost verybody publish softfail or neutral default results instead
of fail.


The problem: forwarders abuse other people's names.


forwarders just do forwarding, they do not abuse anything.


The solution: stop forging messages, with or without good intent.  SRS is
              one of the possible solutions


yes, but you have to wait until 100% people use forwarding (i think
you will pass many years before this happens), in the meantime SPF is
not too much effective.


A workaround: don't verify SPF when you receive a message from this forwarder


yes, still, how do you know if the message comes from a forwarder or is
just a forgery ? in other words, this opens a big door for forgeries.

--
Best regards ...

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david(_at_)ols(_dot_)es
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] solving the forwarding problem, Alex van den Bogaerdt
Next by Date:  Re: [spf-discuss] solving the forwarding problem, Alex van den Bogaerdt
Previous by Thread:  Re: [spf-discuss] solving the forwarding problem, Alex van den Bogaerdt
Next by Thread:  Re: [spf-discuss] solving the forwarding problem, Alex van den Bogaerdt
Indexes:  [Date] [Thread] [Top] [All Lists]