
[spf-discuss] Re: Forwarder white-listing

2006-11-03 08:12:12

Scott Kitterman wrote:
> Julian Mehnle wrote:
> > That's what forwarder white-listing is supposed to address.  Each
> > forwarder should(!) know what other forwardings have been set up by the
> > user (the final recipient) in front of this forwarder, so mails from
> > there can be exempted from redundant checks.
>
> As a receiver I think I am extremely unlikely to believe anything the
> upstream MTA tells me.  Without pre-existing agreements and
> relationships I don't think this is feasible.  I don't think making the
> necessary trust arrangements is scalable.

[...]

> > I don't think it has to be hard.  We just need a common "forwarding
> > service description format" that describes what the forwarder's
> > outgoing MXes are (that could be implemented as an SPF record) and what
> > types of checks they already perform.  Put that into a file or e-mail
> > of a standardized format, and any subsequent hop systems can
> > automatically configure themselves.
>
> But why would I believe you?

Oh, in fact it's pretty simple.  Just have the "downstream" (to-be-configured)
MTA generate a one-time password and have the user enter it into
the "upstream" MTA's "hand-over-configuration-details" interface.  The 
upstream MTA then includes the one-time password when sending its 
configuration mail to the downstream MTA, which can then verify that it is 
really the user who authorized the white-listing of the upstream MTA.

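The one-time-password handshake proposed in the message above, sketched as an added example that is not part of the original post or of any SPF software. The dict-shaped configuration mail, its field names, the token lifetime and the choice to store only a hash of the password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed validity window in seconds; the thread names none


class DownstreamMTA:
    """The to-be-configured hop: issues the password, verifies the config mail."""

    def __init__(self):
        self.pending = {}    # recipient -> (sha256 of token, expiry time)
        self.whitelist = {}  # recipient -> SPF-style records of trusted forwarders

    def issue_token(self, recipient, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)  # 128 bits, shown once to the user
        digest = hashlib.sha256(token.encode()).digest()
        self.pending[recipient] = (digest, now + TOKEN_TTL)
        return token

    def receive_config(self, msg, now=None):
        now = time.time() if now is None else now
        recipient = msg.get("recipient")
        spf = msg.get("outgoing_mx_spf")
        entry = self.pending.get(recipient)
        if entry is None or not spf:
            return False  # no pending request, or nothing to white-list
        digest, expiry = entry
        if now > expiry:
            del self.pending[recipient]
            return False
        presented = hashlib.sha256(str(msg.get("token", "")).encode()).digest()
        if not hmac.compare_digest(digest, presented):
            return False
        del self.pending[recipient]  # one-time: a replayed mail finds no entry
        # Trust is scoped to the user who authorized it, not the whole site.
        self.whitelist.setdefault(recipient, []).append(spf)
        return True


def build_config_mail(recipient, token, outgoing_mx_spf, checks_performed):
    """Upstream side: the configuration mail, modelled here as a dict."""
    return {"recipient": recipient, "token": token,
            "outgoing_mx_spf": outgoing_mx_spf,
            "checks_performed": checks_performed}
```

The password only shows that the user asked for the white-listing; it says nothing about whether the upstream's claimed checks are actually performed, which is why the sketch records trust per recipient.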
