spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Re: Forwarder white-listing

2006-11-03 13:22:13
from [Scott Kitterman] [Permanent Link] 
On Fri, 3 Nov 2006 15:10:30 +0000 Julian Mehnle <julian(_at_)mehnle(_dot_)net> 
wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Kitterman wrote:

Julian Mehnle wrote:

That's what forwarder white-listing is supposed to address.  Each
forwarder should(!) know what other forwardings have been set up by the
user (the final recipient) in front of this forwarder, so mails from
there can be exempted from redundant checks.


As a receiver I think I am extremely unlikely to believe anything the
upstream MTA tells me.  Without pre-existing agreements and
relationships I don't think this is feasible.  I don't think making the
necessary trust arrangements is scalable.

[...]


I don't think it has to be hard.  We just need a common "forwarding
service description format" that describes what the forwarder's
outgoing MXes are (that could be implemented as an SPF record) and what
types of checks they already perform.  Put that into a file or e-mail
of a standardized format, and any subsequent hop systems can
automatically configure themselves.


But why would I believe you?


Oh, in fact it's pretty simple.  Just have the "downstream" (to-be-confi- 
gured) MTA generate a one-time password and have the user enter it into 
the "upstream" MTA's "hand-over-configuration-details" interface.  The 
upstream MTA then includes the one-time password when sending its 
configuration mail to the downstream MTA, which can then verify that it is 
really the user who authorized the white-listing of the upstream MTA.


I think you and I have different definitions of simple.

Now I have some basis to believe you aren't lying about who you are, but I 
don't see how that translates into I believe you when you promise you 
already checked SPF and I needn't bother?

I think this needs reputation and/or accreditation to work.  Not simple.

Scott K

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] Forwarder white-listing (was: draft-otis-spf-dos-exploit), Scott Kitterman
Next by Date:  Re: [spf-discuss] Re: draft-otis-spf-dos-exploit, Scott Kitterman
Previous by Thread:  Re: [spf-discuss] Forwarder white-listing (was: draft-otis-spf-dos-exploit), Scott Kitterman
Next by Thread:  [spf-discuss] Re: Forwarder white-listing, Julian Mehnle
Indexes:  [Date] [Thread] [Top] [All Lists]