spf-discuss

Re: [spf-discuss] Forwarder white-listing (was: draft-otis-spf-dos-exploit)

2006-11-03 07:57:22
On Fri, 3 Nov 2006 10:25:03 +0000 Julian Mehnle <julian(_at_)mehnle(_dot_)net> wrote:

Wayne Schlitt wrote:
Stuart D. Gathman writes:
[...] checking SPF for a given domain more than once is a braindead
checking implementation.

How would each forwarder know that the SPF record had already been
checked by the previous forwarder? Most forwarders, be it
universities, companies forwarding for ex employees, companies paid to
forward email, or ISPs, are set up in a way that assumes they are the
first to receive the email and they need to do all appropriate
anti-spam checks, and that they are forwarding on to the final
destination.

That's what forwarder white-listing is supposed to address.  Each forwarder
should(!) know what other forwardings have been set up by the user (the
final recipient) in front of this forwarder, so mails from there can be
exempted from redundant checks.

As a receiver I think I am extremely unlikely to believe anything the 
upstream MTA tells me.  Without pre-existing agreements and relationships I 
don't think this is feasible.  I don't think making the necessary trust 
arrangements is scalable.

Sure, this hasn't really been implemented anywhere yet.  But it should.
"TENBOX".

The whitelisting thing yes.  The trust me part, I don't see how.

Right, that's what I'm talking about, basically.  But, the point is
that each hop will usually be an independent organization and it would
be very hard for them to coordinate so that only one spam check is
done.

I don't think it has to be hard.  We just need a common "forwarding service
description format" that describes what the forwarder's outgoing MXes are
(that could be implemented as an SPF record) and what types of checks they
already perform.  Put that into a file or e-mail of a standardized format,
and any subsequent hop systems can automatically configure themselves.

But why would I believe you?

I suspect that each one would object that their software needs to be
"fixed" because spam checking is critical. 

We haven't let reactionaries stop us before, right? :-)

Yes, but you need to figure out how to solve the 'trust me' question.

Scott K
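
An added illustration, not part of the original message or of any SPF implementation, of the receiver-side forwarder white-listing discussed in this thread: the exemption is keyed on the connecting IP matched against a list the recipient registered locally, and a Received-SPF header from any other hop is treated as an unverified claim. The whitelist contents, the function names and the `spf_check` hook are assumptions made for the example.

```python
import ipaddress

# Constructed sample data: forwarders each local recipient has registered as
# sitting in front of this mailbox (RFC 5737 documentation address ranges).
FORWARDER_WHITELIST = {
    "alice@example.org": ["192.0.2.0/28", "198.51.100.25/32"],
    "bob@example.org": [],
}


def is_whitelisted_forwarder(recipient, client_ip, whitelist=FORWARDER_WHITELIST):
    """True if client_ip belongs to a forwarder this recipient registered."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # a malformed peer address is never trusted
    nets = whitelist.get(recipient.lower(), [])
    return any(ip in ipaddress.ip_network(net) for net in nets)


def decide_spf(recipient, client_ip, headers, spf_check):
    """Return (action, detail) for one incoming SMTP transaction.

    spf_check is a caller-supplied callable (hypothetical hook) that runs the
    real SPF evaluation for client_ip and returns a result such as "fail".
    """
    if is_whitelisted_forwarder(recipient, client_ip):
        # Redundant check skipped. The upstream verdict is recorded only
        # because this hop was configured locally by the recipient.
        parts = headers.get("Received-SPF", "").split()
        upstream = parts[0].lower() if parts else "none"
        return ("skip", "whitelisted forwarder, upstream result: " + upstream)
    # Unknown hop: a Received-SPF header is an unverified claim, so it is
    # ignored and SPF is evaluated here against the connecting address.
    return ("check", spf_check(client_ip))


if __name__ == "__main__":
    forged = {"Received-SPF": "pass (constructed header)"}
    print(decide_spf("alice@example.org", "192.0.2.5", forged, lambda ip: "fail"))
    print(decide_spf("bob@example.org", "203.0.113.9", forged, lambda ip: "fail"))
```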
