-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
K.J. Petrie wrote:
On Monday 13 November 2006 22:53, Frank Ellermann wrote:
The problem is not your cheap ISP. The real problem is your cheap
forwarder, ditch it.
and Alex van den Bogaerdt wrote:
Fixing problems at the wrong place will always result in new problems.
I couldn't put it better. These two quotes sum up my problem with the
current state of SPF. [...]
SPF is a voluntary standard, but in this area it is formulated in a way
which would only make sense for a compulsory standard. [...]
In such a voluntary standard, it simply makes no sense to place
responsibility with anyone other than the one individual who chooses to
adopt it. Placing responsibility on third parties is just plain stupid.
True. But you are missing the point that the forwarder is a chosen agent
of the receiver, and the receiver HAS chosen to adopt SPF, or he wouldn't
be rejecting mail that got an SPF "fail" in the first place.
You are right, the fault is not with the forwarder. It is with the
receiver, who chose an irresponsible forwarder. And the problem needs to
be fixed at the receiver, too, i.e. he needs to either (1) get his
forwarder to rewrite envelope senders, or (2) accept the forwarder as part
of his own e-mail network and thus exempt the forwarder from SPF checking
(which should only be done at the outer border of your network, i.e. by
the forwarder).
I am also unconvinced by the thesis that changing nothing is forgery.
Preserving the identity of the original sender is forgery? If SPF defines
it as such, why does it think the rest of the world would agree?
You don't have to agree. But I'll tell you what's gonna happen for all of
those who think that forwarders NOT rewriting the sender address to their
(the forwarders') own domains when forwarding is acceptable. Every
spammer is going to claim he's a forwarder and that he's just forwarding
spam that he received from YOU. (This is essentially what spammers are
doing now.) And because they're "forwarders", they ought to be allowed to
use your address as the sender, right?
My point being, there's no way for me to tell if someone who sends me a
message with YOUR address as the sender address is a legitimate forwarder
or just a random spammer -- EXCEPT if it was ME who ordered that someone
to forward the stuff to me.
This has been discussed to death before. It's all in the archives.
However, I'm getting the impression that we could use a handfull of cute
graphics on the SPF website explaining the forwarding issue and how it
must be solved...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFWf0IwL7PKlBZWjsRAsRJAJ49y2X0RYzkAXnZ9YzDCCjT0Ve9PQCgtncU
W0Y+A+qGT7dHjbL+4Y4x5v4=
=6cia
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735