spf-discuss

Re: [spf-discuss] Fixing Forwarding with RPF

2006-11-12 15:37:47
On Sun, Nov 12, 2006 at 11:24:20PM +0100, Ralf Doeblitz wrote:

I don't think this would be the best solution. The exist mechanism
combined with macro expansion can almost do the job.

Sender:       A
Forwarder:    B
Forwarded-to: C

The problem:
A publishes an SPF record, authorizing only host A
B uses "MAIL FROM:<user@A>"
C tries to match host B in the SPF record of A.

How does your proposal work?

C uses a local whitelist prepended to the SPF record of A and can integrate 
the whitelist specified by its own user. The extensions are only necessary 
if you need to differentiate between multiple domains and/or servers on the 
receiving end, otherwise the existing macro mechanism is sufficient.

Simplified example, to see if I understand what you mean:

C knows that B is forwarding.
IP address of B is 192.0.2.1
A is sending mail to B, B forwards to C

C does:
-1- fetch record from A (because of MAIL FROM:<user@A>)
-2- local whitelist:  s/v=spf1 /v=spf1 ip4:192.0.2.1 /
-3- normal processing

Yes, this works.  But it does not solve the problem at hand.
RPF was made up to solve "C knows that B is forwarding."

Your proposal (if I interpreted it right) solves the steps
thereafter, in a different way than I suggested.


I don't see obvious advantages. Why start the SPF process at
all, instead of doing "if not whitelisted, then do SPF"?

Alex

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/?list_id=735
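
The two approaches compared in the message above, as an added Python example that is not code from the thread or from any SPF implementation. It assumes a reduced evaluator that handles only the ip4, ip6 and all mechanisms; A's record and the unlisted host are constructed sample values, and 192.0.2.1 is forwarder B's address from the message.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, record):
    """Evaluate a reduced SPF record (ip4, ip6 and all mechanisms only)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise ValueError(f"mechanism not handled in this sketch: {term}")
        net = ipaddress.ip_network(arg, strict=False)
        if net.version == int(name[2]) and addr.version == net.version and addr in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def prepend_whitelist(record, forwarders):
    """Step 2 of the message: s/v=spf1 /v=spf1 ip4:192.0.2.1 / as a function."""
    version, _, rest = record.partition(" ")
    extra = [f"ip{ipaddress.ip_network(f).version}:{f}" for f in forwarders]
    return " ".join([version, *extra, rest]).strip()

def whitelist_then_spf(ip, record, forwarders):
    """The alternative asked about: 'if not whitelisted, then do SPF'."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(f) for f in forwarders):
        return "whitelisted"
    return check_host(ip, record)

# Constructed sample data: A's record and the unlisted host are made up;
# 192.0.2.1 is forwarder B's address from the message.
RECORD_A = "v=spf1 ip4:198.51.100.25 -all"
FORWARDERS = ["192.0.2.1"]

if __name__ == "__main__":
    for ip in ("198.51.100.25", "192.0.2.1", "203.0.113.9"):
        print(ip, check_host(ip, RECORD_A),
              check_host(ip, prepend_whitelist(RECORD_A, FORWARDERS)),
              whitelist_then_spf(ip, RECORD_A, FORWARDERS))
```

Both variants accept mail relayed by B and still reject the unlisted host; they differ in the verdict recorded for B, where the prepended record reports a pass as if A's policy had authorized B, while the whitelist-first check keeps C's local exemption distinct from A's record.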