spf-discuss

Re: [spf-discuss] Re: Promoting NEUTRAL or SOFTFAIL result to FAIL

2006-02-28 15:35:05
Mark Shewmaker writes:
> However, you also say in the above message that:
>
> 3.  "If the CBV RCPT [...] isn't valid, that's caught before
>     DATA".
>
> #3 seems to me to be incompatible with both #1 and #2.
>
> Isn't checking whether a CBV RCPT is valid the very definition of a
> false-bounce/fake-bounce check from the server's point of view?

No, not if you run SRS (and rewrite all MAIL-FROMs).

For mail sent from here, a legitimate bounce is sent to an SRS-rewritten
valid address, a fake bounce is one sent to a non-rewritten address.
(To be more precise, a fake bounce is one sent to an address that does
not SRS-reverse to a valid address.)

RCPT processing checks for invalid addresses regardless of MAIL-FROM.

If the MAIL-FROM is empty (i.e., a bounce), DATA command processing
checks for RCPTs that are not rewritten or that don't reverse.

This exchange is highlighting how different schemes break things for
each other.  Your CBV wants to know if an address is a valid
MAIL-FROM, which by definition means it would be a valid bounce
recipient.  You try to test this by simulating a bounce, aborting it
before DATA.

Previously, if an address was a valid mail recipient, it was
automatically a valid bounce recipient and valid MAIL-FROM.  SRS,
which is forced upon forwarders by SPF, makes most valid mail
addresses become invalid as bounce recipients.  This alone is so
useful in eliminating forged bounces that many non-forwarders run SRS
for just this purpose.

Non-rewritten addresses here are invalid bounce recipients.  However,
they are still used as MAIL-FROMs on mail sent from other networks.
To keep CBV from rejecting this mail, I have to defer rejecting
bounces until the bounce-sender says it actually wants to send bounce
data.  Depending on what you perceive to be CBV's purpose, this
either breaks CBV (by preventing it from determining a MAIL-FROM won't
accept bounces) or fixes CBV (by preventing it from rejecting
legitimate mail).

Mail is so simple ...

--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com 
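
Added example, not part of the original message and not the author's actual mail server configuration: a sketch of the two-stage policy described above, where RCPT rejects only nonexistent addresses and the SRS check on bounces waits until DATA. The domain, mailbox names, secret and the simplified SRS0-style tag (HMAC only, no timestamp) are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: per-site SRS secret
LOCAL_DOMAIN = "example.net"          # assumption: placeholder domain
MAILBOXES = {"alice", "bob"}          # constructed local users

def _tag(local, domain):
    msg = f"{domain}={local}".lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:8]

def srs_rewrite(local, domain=LOCAL_DOMAIN):
    """Simplified SRS0-style envelope sender (real SRS also carries a timestamp)."""
    return f"SRS0={_tag(local, domain)}={domain}={local}@{LOCAL_DOMAIN}"

def srs_reverse(addr):
    """Return the original address if addr is a validly signed rewrite, else None."""
    local_part, _, dom = addr.rpartition("@")
    parts = local_part.split("=", 3)
    if dom.lower() != LOCAL_DOMAIN or len(parts) != 4 or parts[0].upper() != "SRS0":
        return None
    _, tag, domain, local = parts
    if not hmac.compare_digest(tag.lower().encode(), _tag(local, domain).encode()):
        return None
    return f"{local}@{domain}"

def final_mailbox(addr):
    """Local mailbox a recipient resolves to; SRS addresses are reversed first."""
    target = srs_reverse(addr) or addr
    local, _, dom = target.rpartition("@")
    local = local.lower()
    return local if dom.lower() == LOCAL_DOMAIN and local in MAILBOXES else None

def on_rcpt(mail_from, rcpt):
    # RCPT stage: reject only nonexistent addresses, regardless of MAIL FROM.
    # A CBV probe (null sender, RCPT, then QUIT) never gets past this point.
    return "250 ok" if final_mailbox(rcpt) else "550 no such user"

def on_data(mail_from, rcpts):
    # DATA stage: a null sender means a bounce, so every recipient must be
    # a rewritten address that reverses; anything else is a fake bounce.
    if mail_from == "" and any(srs_reverse(r) is None for r in rcpts):
        return "550 bounce to an address that was not SRS-rewritten"
    return "354 go ahead"
```

A callback probe for alice@example.net gets 250 at RCPT and disconnects, so the sender is accepted; a forged bounce to the same address is refused only once the sending server issues DATA.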
