
[spf-discuss] Re: Better approach to the forwarder problem

2007-01-11 04:09:29

Julian Mehnle wrote:
> Michael Deutschmann wrote:
> > I think the approach to dealing with forwarders needs to change.  In
> > particular, I think we should sideline SRS and work on some kind of
> > SMTP extension to make forwarder whitelisting easier.
> >
> > Specifically, I'd like to see an ESMTP extension where a sender can
> > say "I'm a forwarder, the recipient knows me as X and trusts me, so
> > don't SPF-check this message".  X would be an identity that the
> > recipient MTA would check against a whitelist, and it would contain a
> > domain so the sender IP's right to claim that identity could be
> > verified using SPF-like DNS records.
>
> This alternative approach to solving the forwarding problem, other than
> SRS, has been known for a long time.  The you-missing-it thing is
> probably due to the website not pointing it out very well. ;-)

I forgot to mention that you don't actually need an ESMTP extension to do 
that.  You just have to go through all domains on your personal "trusted 
forwarder" white-list, resolve their SPF records, and see if the sending 
IP address is among _any_ of them.  You don't even need an "SPF-like" 
system -- SPF itself can very well be used for that.

(And of course you don't have to resolve all the SPF records on the fly for 
every incoming message.  You can cache them.)

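The white-list check described in the message above, as an added example that is not part of the original post or of any SPF implementation. The domains, TXT records and function names are constructed for illustration; only the `ip4`, `ip6`, `include` and `all` mechanisms are evaluated, and the cache ignores DNS TTLs.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers (not real data).
SAMPLE_TXT = {
    "forwarder.example": "v=spf1 ip4:192.0.2.0/28 include:_spf.forwarder.example -all",
    "_spf.forwarder.example": "v=spf1 -ip4:198.51.100.9 ip4:198.51.100.0/28 ip6:2001:db8:10::/48 ~all",
    "alumni.example": "v=spf1 ip4:203.0.113.25 -all",
}
TRUSTED_FORWARDERS = ["forwarder.example", "alumni.example"]  # hypothetical white-list

def cached(lookup, cache):
    """Wrap a TXT lookup so each domain is fetched once (TTL handling omitted)."""
    def resolve(domain):
        if domain not in cache:
            cache[domain] = lookup(domain)
        return cache[domain]
    return resolve

def spf_pass(ip, domain, resolve, budget):
    """First-match evaluation of an SPF record; True only on a '+' (pass) match."""
    terms = (resolve(domain) or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                raise LookupError("SPF lookup limit exceeded")
            matched = spf_pass(ip, arg, resolve, budget)
        else:
            matched = name == "all"  # a, mx, exists, redirect: never match in this sketch
        if matched:
            return qualifier == "+"
    return False

def trusted_forwarder(ip_text, whitelist, resolve):
    """Return the first white-listed domain whose SPF record passes for the IP, else None."""
    ip = ipaddress.ip_address(ip_text)
    for domain in whitelist:
        try:
            if spf_pass(ip, domain, resolve, [10]):  # 10 = SPF's DNS-lookup cap
                return domain
        except (LookupError, ValueError):
            continue  # broken or looping record: do not white-list on it
    return None
```

A non-`None` result means the connecting IP belongs to a forwarder on the recipient's list, so the normal SPF check on the envelope sender can be skipped for that message; any other result falls through to ordinary SPF processing.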
