spf-discuss

Re: [spf-discuss] solving the forwarding problem

2005-09-12 14:28:54
Julian Mehnle writes:
> Strange it may occur to you, but that's how it is.  SPF is about domain
> owners defining who (which IP addresses) may send mail on their behalf,
> and the kind of forwarding you describe (i.e. where the recipient did not
> instruct or does not even know about the forwarding) is about using
> someone else's identity when sending mail without their approval.  Those
> two concepts are fundamentally incompatible.

Julian, have you ever actually read any of the RFCs?  The MAILFROM is
simply a return path, not a statement of who is sending the mail.  It
is - and always has been - *explicitly* the return path.

Maybe just reading the RFCs isn't enough to understand what that
means.  Maybe you have to have been there, to have experienced the
history of email.  I'll try to convey some of that historical
perspective.

In the early days, internet email was hardly the only email system.
UUCP email spanned the globe, or would shortly, and BITNET email and
CSNET email served their respective (large) communities, as did a
variety of smaller email systems.  There was no common protocol and no
common syntax for addresses, and only a few gateway computers were
part of more than one email system and able to send mail from one mail
system to another.

Even internet mail wasn't thought of as a single system in which every
sending site could transmit mail directly to every receiving site.
Instead, internet mail was an aggregate of independent mail systems
connected through gateways.

To send mail to someone, you had to know how to get it there, usually
by routing it through a series of gateways.  As mail traversed the
specified path, each gateway extended the reverse path by moving
itself from the forward path to the reverse path.  The reverse path
was then given to the next hop.  For internet email, this was the
purpose of the MAILFROM.  A typical MAILFROM might look like so:
                  "@gateway1,@gateway2:user@host3".

The important point is that the MAILFROM wasn't specifying who was
sending the mail, it was specifying the reverse of the *path* the mail
came from.  In the words of RFC 821:

      This form is used to emphasize the distinction between an
      address and a route.  The mailbox is an absolute address, and
      the route is information about how to get there.  The two
      concepts should not be confused.

By the time of RFC 1123 (1989), it was expected that all internet mail
hosts could talk SMTP directly to each other - that mail would
normally go directly from origin to destination.  Explicit routing
through gateways became deprecated.  This made the reverse path a
trivial one containing only the destination host, so it looks like an
address.  However, conceptually it was, and still is, a path.  When mail
is forwarded, the MAILFROM is supposed to be the (direct) reverse
path.

The choice of "MAIL FROM" for the SMTP command is unfortunate, because
to people coming to SMTP today without reading the RFCs and without the
historical perspective, it looks like a statement about who is sending
the mail.  That has *never* been what it meant.

However, you don't reach my age without learning that even protocols
can change meaning by misinterpretation.

Note that I am *not* arguing that traditional forwarding should
continue unchanged.  I no longer do it myself.  I'm still a forwarder,
but I rewrite the MAILFROM using SRS.  I consider this a violation of
the RFCs, but I also consider it only a temporary workaround until
something better comes along.

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com 
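
Added example, not part of the original message: a Python sketch of the RFC 821 relaying step the message describes, where each gateway moves itself from the forward path to the reverse path. The hosts gateway1, gateway2 and user@host3 come from the message's sample MAILFROM; the recipient rcpt@host9 and all function names are assumptions made for illustration.

```python
# Added illustration of RFC 821 source-route relaying (not from the original post).
# Assumed names: parse_path, format_path, relay, trace, and recipient rcpt@host9.

def parse_path(path):
    """Split '@a,@b:user@host' into (['a', 'b'], 'user@host')."""
    if not path.startswith("@"):
        return [], path                      # trivial path: looks like an address
    route, sep, mailbox = path.partition(":")
    hops = route.split(",")
    if not sep or not mailbox or any(len(h) < 2 or h[0] != "@" for h in hops):
        raise ValueError("malformed source route: %r" % path)
    return [h[1:] for h in hops], mailbox

def format_path(hosts, mailbox):
    """Inverse of parse_path."""
    route = ",".join("@" + h for h in hosts)
    return route + ":" + mailbox if hosts else mailbox

def relay(me, reverse_path, forward_path):
    """Return the (reverse_path, forward_path) that relay `me` gives the next hop."""
    rev_hosts, sender = parse_path(reverse_path)
    fwd_hosts, rcpt = parse_path(forward_path)
    if fwd_hosts and fwd_hosts[0].lower() == me.lower():
        fwd_hosts = fwd_hosts[1:]            # remove myself from the forward path
    rev_hosts = [me] + rev_hosts             # and prepend myself to the reverse path
    return format_path(rev_hosts, sender), format_path(fwd_hosts, rcpt)

def trace(sender, forward_path):
    """Follow a message through every gateway named in its forward path."""
    reverse_path, hops = sender, []
    while parse_path(forward_path)[0]:
        me = parse_path(forward_path)[0][0]
        reverse_path, forward_path = relay(me, reverse_path, forward_path)
        hops.append((me, reverse_path, forward_path))
    return hops

if __name__ == "__main__":
    # Constructed sample: mail from user@host3 routed via gateway2, then gateway1.
    for hop in trace("user@host3", "@gateway2,@gateway1:rcpt@host9"):
        print("%-9s MAIL FROM:<%s>  RCPT TO:<%s>" % hop)
```

The mailbox at the end of the reverse path never changes from hop to hop; only the route in front of it grows, which is the address/route distinction drawn in the RFC 821 passage quoted in the message.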
