spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[spf-discuss] Re: [srs-discuss] Re: SRS: is there a stable implementation for postfix yet?

2006-03-28 07:56:28
from [Stuart D. Gathman] [Permanent Link] 
On Tue, 28 Mar 2006, Julian Mehnle wrote:


It's true that CSV is simpler than SPF.  However the "false rejections" 
depend on what you consider "false".  Alias-style forwarding (that 
excludes former alias-style forwarders who now use sender rewriting) isn't 
such a widely-used practice as many think it to be.


Not aimed at Julian - but adding to what he said:

There are no false rejections of alias-style forwarding by SPF 
when properly configured.  As part of configuring an SPF implementation,
a receiver must ensure that

a) he does not check SPF from his alias-style forwarders

or

b) his forwarders use SRS

I recommend a.  It is also important that the forwarders check SPF,
or there is no point in the receiver doing so.
I recommend a because the same logic must be applied in any case to any
secondary MX servers.  Alias forwarders essentially act as 
additional MX servers for your mailbox.  A big "stupid SPF trick"
is to reject mail coming in through your secondary MX for SPF fail
(I've seen it happen on several big ISPs while serving on spf-help.)

Another "stupid SPF trick" is to so SRS forwarding without checking
SPF.  This is stupid because:
a) if your forwarding targets don't check SPF, they don't need SRS
b) if they do check SPF, then you just made their efforts useless.

When talking about these "false rejections", you need to distinguish
between "user errors" and "method errors" (to borrow language from
the birth control industry).  It is a valid criticism to claim that
a method is hard to use, and hence has a high user error rate - however
low the method error rate might be.  BUT - please stop pretending
that user errors are method errors.

The number of false rejections of receiver configured alias-style
forwarding due to SPF method errors is ZERO.  I admit that the
user error rate is frustratingly high.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [spf-discuss] Re: [srs-discuss] Re: SRS: is there a stable implementation for postfix yet?, Stuart D. Gathman
Next by Date:  [spf-discuss] Re: [srs-discuss] Re: SRS: is there a stable implementation for postfix yet?, David Woodhouse
Previous by Thread:  [spf-discuss] Re: SRS: is there a stable implementation for postfix yet?, Julian Mehnle
Next by Thread:  Re: [spf-discuss] Re: [srs-discuss] SRS: is there a stable implementation forpostfix yet?, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]