Hi !!
The problem: forwarders abuse other people's names.
forwarders just do forwarding, they do not abuse anything.
According to "v=spf1 a -all" they do. That's what the policy
dictates.
this is acording to a concrete (yours) spf policy , from a non
spf point of view or in general case they abuse nothing.
yes, still, how do you know if the message comes from a forwarder or is
just a forgery ? in other words, this opens a big door for forgeries.
If the forwarder has address 172.16.1.2, and if you receive a message
from a connection from address 172.16.1.2, do not check SPF.
>
The operator of a mailserver (the provider) can make this configurable
per receiving mailbox. Yes, that's work to do.
you have a database relating ip address and recipients so you know
which of them is a forwarder, true ? then anyone at the forwarder
could send forgeries to you. What i propose is the same database
but relating forwarding email addresses instead of forwarders ip's.
That would restrict the chance of forgeries.
Receivers do know about their forwarders. From this you should be able
to understand why forwarders and/or receivers should setup a mechanism
and not senders.
yes, but try to convince everyone in the world to use srs, including
those that consider spf totally broken. In the meantime we could try
something more feasible.
As you can see, it is quite easy to come up with reasons why "F" should
not fake an originator address. If not for technical reasons, consider
at least #4 .
well, forwarding has been here for a long, with multiple uses and you
will not convince everybody on the world to stop using it, this is a
fact, so any assumption that suposes that forwarding does not exist,
is not used or is not allowed will not survive.
--
Best regards ...
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david(_at_)ols(_dot_)es
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com