spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Can this really be true?

2005-09-26 06:55:43
from [Hector Santos] [Permanent Link] 

----- Original Message -----
From: "Seth Goodman" <sethg(_at_)GoodmanAssociates(_dot_)com>
Newsgroups: spf.-.sender.policy.framework.discussion
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
Sent: Sunday, September 25, 2005 6:46 AM
Subject: RE: [spf-discuss] Can this really be true?



Not that Exim is the last word in MTA's, but the default setup in the
current version is that the return-path has to match the authenticated
identity and if the From: header does not, it actually adds a Sender: that
does match.  I'm not suggesting that most sites use it that way, but the
fact that those are the defaults does make a statement.


Yeah, it makes a statement that EXIM could care less for user privacy
issues.

To me, from an ethical engineering standpoint (and my software is modeled on
strong ethical engineering principles long held for the past score of years
by the majority of systems),  if a ISP SMTP server validates a SMTP client
user by IP, ESMTP AUTH, it has no business adding more information that
conflict with user privacy concerns.

So if EXIM is doing this, I sincerely HOPE it is not in the MAIN
OFF-THE-SHELF- PRODUCT that everyone gets and that its just one some
personal custom or lone wolf local policy setup.

This might conflict with SPF desires, but tough. So be it.  It means SPF is
not yet ready handle all situations.

With that said,  if one were to suggest a SENDER-DOMAIN: header concept,
then that is all what SPF needs.  It doesn't need the complete address that
the user may not want to expose.

SPF people will need to realize that the world is not going to change for
SPF.  SPF needs to change for the world.  SPF has done a good job to address
a good portion of the transaction scenarios - hence its popularity thus far.
But it hindered with a few thorn on a side it can't get over.  For the parts
it fails to address, telling everyone they must change to accommodate SPF is
unrealistic if only for one reason - CHANGE - it requires change and even
then, you are still left with the legacy issue because in the end you have
to work with both new and old.

We added SUBMITTER support with just the domain exposed - not the full
address. Does EXIM support SUBMITTER?    Another way is to use a
POSTMASTER(_at_)DOMAIN address instead. This will help address this issue 
without
conflicting with user privacy concerns.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com







/


-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [spf-discuss] Can this really be true?, Seth Goodman
Next by Date:  [spf-discuss] Re: Can this really be true?, Frank Ellermann
Previous by Thread:  Re: [spf-discuss] Can this really be true?, johnp
Next by Thread:  [spf-discuss] Re: Can this really be true?, Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]