spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [spf-discuss] Alias forwarder as associate MX

2005-09-15 11:27:07
from [Seth Goodman] [Permanent Link] 
From: Stuart D. Gathman [mailto:stuart(_at_)bmsi(_dot_)com]
Sent: Thursday, September 15, 2005 1:02 PM


On Thu, 15 Sep 2005, Seth Goodman wrote:


As convenient as it is, I really can't buy the argument that
forwarders are really gateways.


<...>



I wasn't trying to argue that.  My point is that SPF configuration
for an alias is no different than SPF configuration for a secondary
MX.


OK, I missed your point, sorry.  This is a good analogy.  The only weakness
in the analogy is that it is the sysadmin who is in a position to setup the
secondary MX and whitelist it.  In the case of end-user forwards, the users
create the forwarding arrangement, unbeknownst to the sysadmin.  The
solution is obvious: let the users specify their forwarders on their email
account properties web page.  Per-user forwarder whitelisting is must less
dangerous than site-wide forwarder whitelisting.


<...>


As far as actual problems on spf-help, people leaving their
secondary MXs out of the SPF whitelist is *very* common.  I have
yet to see an actual example of someone complaining about alias
forwarding - making the problem largely theoretical for me.

I suspect this is because non-technical mail users usually notice the
new email address in the DSN (the only part they understand),
and simply resend their message to that and update their address book.


This is pretty instructive.  Do you have any idea what other people on the
SPF help system see, or can you search the problem reports yourself?  Of
course, since this has been such a widely publicized problem, not only by us
but by SPF's vocal detractors, implementers may expect some rejections and
not create help system reports.  How much of a problem this is also depends
on how many domains publish -all instead of ~all.  Until domains
publish -all, I wouldn't expect rejections due to forwarding.

--

Seth Goodman

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [spf-discuss] solving the forwarding problem, Seth Goodman
Next by Date:  RE: [spf-discuss] Alias forwarder as associate MX, Stuart D. Gathman
Previous by Thread:  RE: [spf-discuss] Alias forwarder as associate MX, Stuart D. Gathman
Next by Thread:  RE: [spf-discuss] Alias forwarder as associate MX, Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]