
[spf-discuss] Re: Better approach to the forwarder problem

2007-01-10 16:10:31
Michael Deutschmann wrote:

Specifically, I'd like to see an ESMTP extension where a sender can say
"I'm a forwarder, the recipient knows me as X and trusts me, so don't
SPF-check this message".  X would be an identity that the recipient MTA
would check against a whitelist, and it would contain a domain so the
sender IP's right to claim that identity could be verified using SPF-like
DNS records.

For SPF the X could be the HELO identity with an SPF PASS - and how the
next hop (receiver) arranges his list of known-to-be-good forwarders
is his local business.  "Known to be good" should obviously include "I've
already checked SPF, don't bother to do it again, besides it won't work
because I refuse to do SRS for [insert reason]".

For SenderID the X is specified in RFC 4405, but that's about the PRA and
therefore not purely ESMTP.

Unlike SRS, which places significant burdens on the forwarder

It's the only way to fix this old post-821 issue without some kind of
white lists (i.e. without forwarders arranging trust relationships with
all their next hops).  IMO the burden of maintaining such relationships
is higher than installing SRS once and forever.

If the recipient trusts a forwarder enough to stand down SPF, they can
easily also stand down the IP-blacklist training and content filtering.

Sure, _if_ that's the case.  But if they don't know the forwarder we're
back at square one.  The spammers would of course claim to be trustworthy
forwarders, adding some mechanism to ESMTP doesn't help for that case.

And maintaining white lists is a constant task.  Maybe the receivers
could ask some central reputation server, like Wayne's existing "trusted
forwarder list".  But then you don't need a new ESMTP mechanism for this.

This approach places a greater burden on the recipient than in the
original plan

The original plan is "how receivers get this right, either convincing the
forwarders to install SRS, or convincing the next hops to white list the
forwarders, is their business".  Nothing can be a greater burden on the
individual user, because of course both admins will say "me ?  Not me" :-)

Frank
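
The HELO-based variant discussed in this message (a HELO identity with an SPF PASS, matched against the receiver's own list of known-good forwarders) can be sketched as receiver-side logic. This is an added example, not part of the original message or of any SPF implementation. The domains, addresses, function names and the in-memory `SPF_RECORDS` table standing in for DNS are constructed assumptions, and only the `ip4` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (documentation domains and addresses).
SPF_RECORDS = {
    "origin.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "mx.forwarder.example": "v=spf1 ip4:198.51.100.25 -all",
    "relay.unlisted.example": "v=spf1 ip4:203.0.113.40 -all",
}
# Receiver's local list of known-to-be-good forwarders, keyed by HELO name.
TRUSTED_FORWARDERS = {"mx.forwarder.example"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip):
    """Simplified SPF: handles only ip4 and all; other mechanisms are skipped."""
    record = SPF_RECORDS.get(domain.lower())
    if record is None or record.split()[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"


def receiver_decision(client_ip, helo, mail_from_domain):
    """Return (action, reason) for one SMTP transaction."""
    # The HELO claim counts only if SPF confirms the IP may use that name
    # AND the name is on the local list; a bare claim of "forwarder" is ignored.
    if spf_check(helo, client_ip) == "pass" and helo.lower() in TRUSTED_FORWARDERS:
        return ("accept", "trusted forwarder, MAIL FROM check skipped")
    result = spf_check(mail_from_domain, client_ip)
    if result == "fail":
        return ("reject", "MAIL FROM SPF fail")
    return ("accept", "MAIL FROM SPF " + result)


if __name__ == "__main__":
    cases = [
        ("198.51.100.25", "mx.forwarder.example", "origin.example"),    # listed forwarder
        ("203.0.113.9", "mx.forwarder.example", "origin.example"),      # forged HELO
        ("203.0.113.40", "relay.unlisted.example", "origin.example"),   # unknown forwarder
        ("192.0.2.10", "mail.origin.example", "origin.example"),        # direct delivery
    ]
    for case in cases:
        print(case, "->", receiver_decision(*case))
```

The third case is the "back at square one" situation: the forwarder proves its HELO name, but the receiver does not know it, so the forwarded message still fails the MAIL FROM check.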

