spf-discuss

Re: [spf-discuss] Per/user policies in "Large Domains" (was Fixing Forwarding with RPF)

2006-11-16 12:31:15
On Thu, 16 Nov 2006, Scott Kitterman wrote:

> Go look at RFC 2821 and show me how to reject the message for one recipient
> and accept it for another?

Issue 5xx for the RCPT TOs you don't like.  Issue 2xx for the ones you like.
You must be tired.

The difficulty concerning SPF is that once you move to the RCPT TO phase,
and start accepting/rejecting, you don't get another chance to reject
the entire message until DATA.  This is a problem because spammers
like to try hundreds of recipients looking for ones they can spam
(dictionary attack).  I don't like giving away which RCPT TOs are valid,
which is why I prefer rejecting at MAIL FROM.  

But a large ISP might perfectly well want to delay applying local policy
to the SPF result until RCPT TO so that they can look up policy for 
each account.  Note that naively checking SPF fresh for each RCPT TO
would feed a Doug O scale DoS.  It should be evaluated once, and the
result cached.  Only the local policy changes with RCPT TO.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
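
The approach described in the message above, as an added example that is not part of the original post or of any SPF implementation: the SPF check runs once per transaction, its result is cached, and only the per-account policy is consulted at each RCPT TO. The Session class, the POLICIES table, the addresses and the fake_spf stand-in are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Constructed per-account policies: which SPF results each mailbox rejects.
POLICIES: Dict[str, frozenset] = {
    "strict@example.net": frozenset({"fail", "softfail"}),
    "lenient@example.net": frozenset(),            # accepts any SPF result
}
DEFAULT_POLICY = frozenset({"fail"})               # accounts with no entry

@dataclass
class Session:
    """One SMTP transaction: SPF is evaluated once, policy applied per RCPT TO."""
    client_ip: str
    check_spf: Callable[[str, str], str]           # (ip, sender) -> SPF result
    sender: Optional[str] = None
    spf_result: Optional[str] = None
    accepted: list = field(default_factory=list)

    def mail_from(self, sender: str) -> Tuple[int, str]:
        # New transaction: drop any result cached for a previous sender.
        self.sender, self.spf_result, self.accepted = sender, None, []
        return 250, "sender ok"

    def _spf(self) -> str:
        # The DNS-heavy evaluation runs at most once per transaction.
        if self.spf_result is None:
            self.spf_result = self.check_spf(self.client_ip, self.sender)
        return self.spf_result

    def rcpt_to(self, rcpt: str) -> Tuple[int, str]:
        if self.sender is None:
            return 503, "need MAIL FROM first"
        result = self._spf()
        if result in POLICIES.get(rcpt.lower(), DEFAULT_POLICY):
            return 550, f"SPF {result}: rejected by recipient policy"
        self.accepted.append(rcpt)
        return 250, "recipient ok"

def demo():
    calls = []
    def fake_spf(ip, sender):                      # stand-in for a real SPF library
        calls.append((ip, sender))
        return "softfail"
    s = Session("192.0.2.10", fake_spf)
    s.mail_from("someone@example.org")
    codes = [s.rcpt_to(r)[0] for r in
             ("strict@example.net", "lenient@example.net", "other@example.net")]
    return codes, len(calls)
```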
