
[spf-discuss] Re: solving the forwarding problem

2005-09-10 22:37:43
David wrote:

> - Each SPF enabled domain should add a header on every
>   outgoing message with the email address of the recipient,

Won't work, any "update all MUAs" idea is doomed as "FUSSP"...

> i.e:
>    SPF-Original-Recipient: joe@foo.bar

...besides we do have 2822-To and 2822-Cc for the simple cases.

> - Receivers doing SPF checks, if that header is present,
>   should interpret it this way:
> [...]

Actually receivers should know whether they have any and which
forwarding arrangements (if you're talking about the user).

If you're talking about a third party MX checking SPF (behind
any 251 "new RCPT TO" scenario), it's an *essential* point of
SPF that checks are possible _without_ looking into the DATA.

A major difference to pure 2822-schemes like SID (PRA) or DKIM.

> Anyway it could be easy to maintain a database relating
> envelope recipients and original recipients so the system or
> the final recipient could know if the emails come or not
> from a trusted forwarder

Yes, per-user-whitelists (ideas like the forward master plan
or VARA) can be a solution, better than the global "trusted
forwarder list".  But for that you don't need some new 2822
header fields created by the sender.  It's strictly a problem of
the receiver to get this right for his forwarding topologies.

SPF *_kills_* 1123 5.3.6(a) forwarding to 3rd parties without
SRS or prior arrangement with the next hops, it's finished, it
was broken by design for 16 years, it's on the same technical
level as open relays:  In an ideal world it could work, but in
practice (today) it doesn't.

 [new "half-FAIL" result after a "half-open relay" forwarder]
> but due to the forwarding problem I cannot give a fail result

If you _know_ that it was forwarded you have no business to
check SPF MAIL FROM, therefore you also don't need "half-FAIL"
results.  BTW, one way to detect this situation is an SPF HELO
PASS for a known forwarder.
                               Bye, Frank
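
The receiver-side decision described in the message above, as an added example that is not part of the original post: skip the SPF MAIL FROM check when the HELO identity gets an SPF PASS for a forwarder this recipient has arranged, using envelope data only. The domains, addresses, the per-user table and the function names are constructed assumptions, and the evaluator handles only `ip4` and `all` instead of doing real DNS lookups.

```python
import ipaddress

# Constructed sample data (assumption): SPF records keyed by domain, standing
# in for DNS TXT lookups. Only ip4 and all mechanisms are supported here.
SPF_RECORDS = {
    "forwarder.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "sender.example": "v=spf1 ip4:198.51.100.7 -all",
}
# Hypothetical per-user forwarding arrangements known to the receiver.
USER_FORWARDERS = {"joe@final.example": {"forwarder.example"}}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain):
    """Evaluate a simplified SPF record (ip4 and all only) for a client IP."""
    record = SPF_RECORDS.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qual]
    return "neutral"

def evaluate(ip, helo, mail_from, rcpt_to):
    """Receiver decision from envelope data only (no look into DATA).

    Returns (path, helo_result, mail_from_result).
    """
    helo_result = check_host(ip, helo)
    trusted = USER_FORWARDERS.get(rcpt_to.lower(), set())
    if helo_result == "pass" and helo.lower() in trusted:
        # Known forwarder for this user: MAIL FROM check is not applicable.
        return ("forwarded", helo_result, None)
    mf_domain = mail_from.rsplit("@", 1)[-1]
    return ("direct", helo_result, check_host(ip, mf_domain))
```

The same forwarder connection gives a MAIL FROM FAIL for a recipient with no arrangement, which is the forwarding problem under discussion.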

