Stuart D. Gathman wrote:
> On Sun, 11 Sep 2005, Theo Schlossnagle wrote:
>> Sorry, you talk about the receiver that uses the alias and a receiver who
>> controls their inbound mail setup as the same person. They hardly ever
>> are. One is a user and the other is a mail exchange administrator. One
>> does not have control over what the other does.
>
> A requirement for a mail admin to reject on SPF is that he identify
> *all* points of inbound email. If he does not provide his users with
> a way to inform him of aliases the user has authorized (or said user
> has not made use of the mechanism), then he (the mail admin) cannot correctly
> reject on SPF FAIL for such users.

That is an infeasible internet-wide deployment. An assumption from that
is that people cannot reject on SPF fail except under the rarest of
circumstances. Recipients are not always the ones configuring aliases
that send mail to them. Others may do so legitimately as well. Many
recipients couldn't communicate that information even if such a channel
of communication between user and admin was available -- they just
aren't aware of it as it has never been important.

> This is the mirror of publishing SPF. You cannot correctly publish
> an SPF record with -all, unless you identify *all* points of outbound mail.
> Checking SPF is not different.

Understanding your outbound mail isn't enough. You can't publish -all
unless you know that all potential receivers will not forward mail by
standard practices. That insight is impossible except for rare edge cases.

> This means that for most ISPs, where there is not a direct hand-holding
> relationship between mail admin and users, strict SPF checking must
> be opt-in by user.

That's a deployment strategy complicated enough to completely deter
deployment.

SPF, to be successful, must provide senders the facilities to describe
policy and receiving ISPs the facilities to enforce those policies
without the cooperation of their subscribers.
--
Theo
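
The forwarding case argued over in this thread, as an added example that is not part of the original message: a receiver that rejects on SPF fail sees the forwarder's address rather than the sender's, so a forwarded message is rejected unless the recipient has registered that forwarder with the mail admin. The evaluator is a simplification that handles only `ip4:` and `all`; the domain names, addresses and the `forwarders_by_user` table are constructed for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate a simplified SPF record: only ip4: and all are handled."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:           # skip the "v=spf1" version tag
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"                           # no mechanism matched

def receiver_decision(record, client_ip, rcpt, forwarders_by_user):
    """Reject on SPF fail unless the connecting host is a forwarder
    that this recipient has registered with the mail admin."""
    if client_ip in forwarders_by_user.get(rcpt, set()):
        return "accept"                        # alias hop the user authorized
    return "reject" if check_spf(record, client_ip) == "fail" else "accept"

# Constructed sample data (documentation address ranges, hypothetical users).
SENDER_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"   # sender publishes -all
DIRECT_HOST = "192.0.2.25"                       # sender's own outbound host
FORWARDER = "198.51.100.7"                       # alias host, not in the record
REGISTERED = {"alice@isp.example": {FORWARDER}}  # only alice told the admin

def scenarios():
    """Verdict for direct delivery and for the same mail via the forwarder."""
    bob, alice = "bob@isp.example", "alice@isp.example"
    return {
        "direct": receiver_decision(SENDER_RECORD, DIRECT_HOST, bob, REGISTERED),
        "forwarded_unregistered": receiver_decision(
            SENDER_RECORD, FORWARDER, bob, REGISTERED),
        "forwarded_registered": receiver_decision(
            SENDER_RECORD, FORWARDER, alice, REGISTERED),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```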