
[spf-discuss] Re: TENBOX -- Writing glue code for Trusted E-mail Network BOundary eXpansion

2006-08-19 16:20:21
Julian Mehnle wrote:

> the amount of work necessary will not decrease directly just
> because we give the complex concept a fancy name.

The last fancy name for this issue was "forward master plan".

> A user must be able to define and store his trusted e-mail
> network associations (specifically including his trusted
> forwarders), and communicate them to his receiving agents.

That's the difficulty, a user can't reliably determine this
without the help of the forwarder.  The receiving side (MXs)
of the forwarder is clear, but for the sending side (mailout)
the forwarder would have to offer e.g. coherent HELOs with a
corresponding SPF PASS, or a similar CSV construct, or sign
all forwarded mails with DKIM.

"Forwarders" using SRS, message/rfc822, multipart/digest, or
whatever, anything modifying the MAIL FROM when they modify
the RCPT TO a non-local address, are of course no problem.

In theory that could cover RFC 821 source routes, where the
MAIL FROM is guaranteed to be modified.  In practice that's
hopeless, because MTAs won't support it anymore.  So for the
"traditional forwarders" keeping the SPF FAIL protected return
path as is, how can the user determine and describe the set of
"mailouts" for this forwarder ?

A simple test mail to his own forwarded address isn't good
enough, the forwarder can have more than one "mailout", and
even if there's only one it might change its HELO identity
any time.  A known plus fixed set of HELO identities would
help.  But you don't have this if the "traditional forwarder"
doesn't care.

Another proposal was to replace SPF checks by VarA configured
per user.  Maybe users trying to bypass SPF FAIL behind such
"traditional forwarders" need several options:  VarA, DKIM,
HELO PASS, CSV, depending on the forwarder.

A big obstacle, nobody in the chain from original sender over
(admin of) forwarder(s) to (admin of) final destination is
necessarily interested in the problems of this user.

Frank
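
An added example, not part of the original post: a receiver-side sketch of the per-user bypass discussed above, where an SPF FAIL on MAIL FROM is overridden only if the connecting host authenticates as one of the user's trusted forwarders through a HELO identity with SPF PASS or a valid DKIM signature. The record format, field names and all sample domains are hypothetical, the SPF and DKIM results are assumed to be computed already by the receiving MX, and VarA and CSV are not modelled.

```python
# Added illustration; field names and sample values are constructed.
from dataclasses import dataclass, field

@dataclass
class Hop:
    """Authentication results the receiving MX already has for one message."""
    spf_mailfrom: str            # SPF result for the MAIL FROM identity
    helo: str                    # HELO/EHLO name offered by the connecting host
    spf_helo: str                # SPF result for the HELO identity
    dkim_pass: set = field(default_factory=set)  # domains with a valid signature

@dataclass
class Forwarder:
    """One trusted forwarder as declared by the user (hypothetical format)."""
    name: str
    helo_domains: tuple = ()     # mailouts use HELO names at or below these
    dkim_domains: tuple = ()     # forwarder signs forwarded mail as these

def in_domain(host, domain):
    """True if host equals domain or is a subdomain of it (label-aligned)."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def trusted_forwarder(hop, forwarders):
    """Return the name of the forwarder the hop is authenticated as, else None."""
    signed = {d.lower() for d in hop.dkim_pass}
    for fwd in forwarders:
        # A HELO name counts only with SPF PASS; the bare name is forgeable.
        if hop.spf_helo == "pass" and any(
                in_domain(hop.helo, d) for d in fwd.helo_domains):
            return fwd.name
        if any(d.lower() in signed for d in fwd.dkim_domains):
            return fwd.name
    return None

def disposition(hop, forwarders):
    """Only the SPF FAIL case is handled; other results pass through."""
    if hop.spf_mailfrom != "fail":
        return "accept"
    fwd = trusted_forwarder(hop, forwarders)
    return f"accept-via:{fwd}" if fwd else "reject"

# Constructed per-user configuration.
USER_FORWARDERS = [
    Forwarder("alumni", helo_domains=("mailout.alumni.example",)),
    Forwarder("society", dkim_domains=("society.example",)),
]
```

A mailout that starts using a HELO name outside the declared set is rejected even though it belongs to the same forwarder, which is the maintenance problem the message describes.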


