spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Fw: SRS vs BATV

2006-02-16 18:01:32
On Thu, 2006-02-16 at 20:31 +1300, Craig Whitmore wrote:

Quite a number of email servers use callbacks
[...]

This would fix calls backs

I've read through this thread multiple times, but I still can't see the
actual problem you're trying to address.

If an MTA does callback verification of incoming messages' MAIL FROMs to
make sure that each one is a valid MAIL FROM address, by doing a CBV
test of querying with a pretend-to-be-a-bounce "MAIL FROM:<>", well,
that makes sense.  (I do that in fact.)

If you're saying that some MTA's try to do an equivalent of a VRFY
command by doing the same sort of CBV's (with "MAIL FROM:<>") on
*outgoing* messages to verify RCPT TO: addresses, then that's just
obviously completely wrong (1)--but they could still do the same type of
test with a real address--simulating the sending of an new message
instead of simulating the sending of a bounce.

So where does any advantage come in by delaying the acceptance of a
bounce/message test/not-test until after DATA?


(1)  For instance, "user(_at_)example(_dot_)com" might be a valid address
     to send mail to, but if example.com does SES it might not
     be valid address to send bounces to, so CBV tests querying
     via "MAIL FROM:<>", "RCPT TO:<user(_at_)example(_dot_)com>" should
     obviously fail, even though a test of
     "MAIL FROM:<user(_at_)other(_dot_)example(_dot_)com",
     "RCPT TO:<user(_at_)example(_dot_)com> should succeed.

-- 
Mark Shewmaker
mark(_at_)primefactor(_dot_)com

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com