
[spf-discuss] Re: solving the forwarding problem

2005-09-12 17:46:03
Dick St.Peters wrote:

> A typical MAILFROM might look like so:
>
>                   "@gateway1,@gateway2:user@host3".
>
> The important point is that the MAILFROM wasn't specifying
> who was sending the mail, it was specifying the reverse of
> the *path* the mail came from.

Sure, that's why some say that SPF is a "path registration
scheme" (for its MAIL FROM part).  It "reinvents" the source
routes to a certain degree (limited to the "return to sender"
cases).

In your example gateway2 had a reason (we hope) to accept a
MAIL FROM:<user@host3>, e.g. because it came from (surprise)
host3.

And gateway1 was confident that it could return the mail to
gateway2 if there's a problem with the delivery.  Same idea
for gateway2:  It knew how to return the mail to user@host3,
in a straightforward case send it back to host3 (or its MX).

The gateways would also refuse to take too much undeliverable
sh*t, they'd get it back later.  Above all they'd refuse to
accept anything where the reverse path doesn't work reliably,
because then bounces would queue up in their outbound folder.

Therefore it worked until the source routes were considered
as unnecessary:  why should gateway1 return to gateway2 if it
could as well return it directly to user@host3 -- or in the
forward direction, why should user@host3 bother gateway2 if
it can directly talk with gateway1 (assuming that gateway1
is the MX of the final recipient).

So there were several reasons to deprecate source routes,
but unfortunately that also opened the "forwarding loophole".

> The choice of "MAIL FROM" for the SMTP command is
> unfortunate
> [...]
> it looks like a statement about who is sending the mail.
> That has *never* been what it meant.

"SMTP injector" is one meaning, "bounces to" the other.  Or
maybe "SMTP responsible party (especially errors)".  That's
a mouthful, let's stick to MAIL FROM.

The "bounces to" idea is IMO too broad, OTOH "sender" is too
narrow (sender won't cover senders before real gateways into
SMTP, e.g. news2mail).

> I am *not* arguing that traditional forwarding should
> continue unchanged.  I no longer do it myself.  I'm still a
> forwarder, but I rewrite the MAILFROM using SRS.  I consider
> this a violation of the RFCs

It's not, there always was 5.3.6(b).  It's nowhere required
that you MUST only modify the RCPT TO keeping the MAIL FROM.

You could argue that that's the idea of 5.3.6(a).  But you
could also argue that it's the idea of MX to get rid of most
251/551 cases a.s.a.p., because all unnecessary hops waste
bandwidth and add potential sources of trouble.

Absolutely nowhere does 5.3.6(a) suggest that it's about a
user who's ashamed of his aol-address and prefers a fancy
alumni.edu-alias forever.  1989 bandwidth was expensive.

                           Bye, Frank
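
Added example, not part of the original message: a small parser for the source-routed reverse-path quoted above, showing how the route grows hop by hop and which hosts a bounce travels back through. The function names are hypothetical; the one rule assumed beyond the thread is RFC 821's, that a relay adds its own name to the beginning of the reverse-path.

```python
import re

# RFC 821 style path: optional "@host,@host:" source route, then the mailbox.
# Angle brackets are optional so the bare form quoted in the thread parses too.
_PATH = re.compile(
    r"^<?(?:(?P<route>@[^\s,:@<>]+(?:,@[^\s,:@<>]+)*):)?"
    r"(?P<mailbox>[^\s@<>:,]+@[^\s@<>:,]+)>?$"
)

def parse_reverse_path(path):
    """Return (hops, mailbox); hops[0] is the most recent relay."""
    m = _PATH.match(path.strip())
    if m is None:
        raise ValueError("not a valid reverse-path: %r" % path)
    route = m.group("route")
    hops = [h[1:] for h in route.split(",")] if route else []
    return hops, m.group("mailbox")

def format_reverse_path(hops, mailbox):
    route = ",".join("@" + h for h in hops)
    return "<" + (route + ":" if route else "") + mailbox + ">"

def relay(path, relay_host):
    """A relay accepting the mail prepends itself to the reverse-path."""
    hops, mailbox = parse_reverse_path(path)
    return format_reverse_path([relay_host] + hops, mailbox)

def bounce_hops(path):
    """Hosts a delivery failure notice visits, in order, ending at the
    mailbox's own host (or its MX)."""
    hops, mailbox = parse_reverse_path(path)
    return hops + [mailbox.split("@", 1)[1]]

if __name__ == "__main__":
    # Constructed walk-through using the host names from the thread.
    path = "<user@host3>"                 # as injected at host3
    for gw in ("gateway2", "gateway1"):   # order in which the mail is relayed
        path = relay(path, gw)
        print(gw, "forwards with MAIL FROM:" + path)
    print("bounce travels via:", " -> ".join(bounce_hops(path)))
```

Without the route, `bounce_hops` collapses to the mailbox's host alone, which is the situation described above once source routes were dropped.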

