On Tue, 5 Dec 2006, David MacQuigg wrote:

> > You are perhaps thinking of roaming users?
>
> No, these are stationary users with email accounts at their own companies,
> or at aol.com, cox.net, hotmail.com, msn.com, or yahoo.com to name the top 5.
>
> I'll try not to use the word "send" where precision matters. box67.com
> transmits no mail, and it doesn't authorize anyone to transmit on its
> behalf. I use the word "transmit" to mean sending across the Internet to
> unrelated parties, not internal delivery within an Administrative
> Domain. For the purpose of forwarding mail to our clients' designated
> private mail storage addresses, we become part of an Administrative Domain
> set up by the recipient. The recipient should have his mail storage agent
> whitelist his forwarded mail. They are welcome to check the SPF record on
> our HELO name, whitelist our IP, whitelist mail to a specific recipient
> address, or use whatever method they find helpful. We haven't gotten any
> requests for SRS, SID, or DKIM.

So you want your clients to use user(_at_)box67(_dot_)com in MAIL FROM, despite
not authorizing any of them to do so? Sorry, their mail will
(hopefully, increasingly) get rejected.

> I don't understand the leakage worry. Do you mean bounces to a fake Return
> Address? How would you discover my private mail storage address?

Unless you've modified sendmail/postfix/whatever, it will notify the sender
of a failure to deliver to private(_at_)company(_dot_)com via the SMTP reject
message.

> > 1) (Preferred) Submit mail to their home server on port 587 using SMTP AUTH.
> > This requires configuring the mail client, and works well with carrying
> > a laptop or email capable PDA. SSH, VPN, and webmail are other solutions
> > for submitting through the home system.
>
> Good advice, but box67.com is not involved in that part of the
> process. Tom at raytheon.com has to work with his mail admin, setting up
> whatever authentication is appropriate for their company. When he puts
> box67.com in his Return Address (because his mail program offers no
> separate Reply-To), we can't be publishing an SPF record authorizing
> Raytheon's transmitters, and we certainly can't take responsibility for any
> spam from those transmitters. The best we can do is ?all.

Hopefully, raytheon.com will block email claiming to be from box67.com,
because it is not a domain they have authorized, and is clearly coming
from a zombie (confirmed by the ?all in the SPF record).

What you seem to want to do, use MAIL FROM box67.com from random
email systems without specific authorization, is EXACTLY the kind of thing
zombies do - and which SPF is designed to prevent. You need to rethink
your strategy. Describe your ultimate goal, and perhaps we can help.

> I don't see a Sender field in either Eudora or Outlook. Why is there a
> need for Sender, if we already have From, Reply-To, and the Return
> Address? RFC-2822 says it is useful for secretaries, but this seems
> frivolous. I think the boss could simply use a different Reply-To address,
> if he wants replies routed to his secretary.

Sender is for sending email from a foreign domain or email account - like
you want to do.

> As long as there are two independent addresses we can play around with,
> this might work, but it is getting complicated, and we'll have to work with
> each recipient setting up their email program.

Yes, each email program is going to have different braindamage. Sorry.

--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
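
The SPF results at issue in this exchange, as an added example that is not part of the original message or of any SPF implementation: a small evaluator for the DNS-free mechanisms (`all`, `ip4`, `ip6`) that compares a `?all`-only record with one that lists transmitters and ends in `-all`. The records, addresses and the `check_spf` name are constructed for illustration.

```python
import ipaddress

# SPF qualifier -> result when the mechanism matches (RFC 7208, section 4.6.2).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip):
    """Evaluate the DNS-free subset of SPF (all, ip4, ip6) for one client IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:
            continue  # modifiers (redirect=, exp=) are outside this sketch
        qualifier = "+"  # default qualifier
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        else:
            raise NotImplementedError(f"{name} needs DNS lookups")
        if matched:
            return QUALIFIERS[qualifier]  # first matching mechanism decides
    return "neutral"  # nothing matched: default result


# Constructed records and documentation-range addresses (assumptions).
NEUTRAL_ONLY = "v=spf1 ?all"
LISTED_HOSTS = "v=spf1 ip4:192.0.2.0/24 -all"
OWN_SERVER = "192.0.2.25"
UNRELATED_HOST = "198.51.100.7"

if __name__ == "__main__":
    for record in (NEUTRAL_ONLY, LISTED_HOSTS):
        for ip in (OWN_SERVER, UNRELATED_HOST):
            print(f"{record!r:35} {ip:15} -> {check_spf(record, ip)}")
```

With the `?all`-only record every connecting host gets the same `neutral` result, while the record that lists transmitters separates `pass` from `fail`.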
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/