Don Lee wrote on Friday, January 12, 2007 10:57 AM -0600:
Wait - the postal service _does_ do this. Have you seen the package
tracking that is done these days? Package/letter tracking is
*wonderful*. There is no fundamental reason this could not be done
electronically with e-mail.
This is practical for packages because the cost of tracking is much less
than the postage. There are already trace headers. The issue with
trace headers is the same one that makes forwarding problematic:
figuring out how far back to trust them is very difficult.
Besides, forwarding is not the normal case, it is an unfortunate legacy
from a more cooperative internet that has become more trouble than it's
worth. In the very long run, it will probably go away because of the
convoluted systems required to make life easy for forwarders in a world
full of spam.
Our main concern in SPF with respect to forwarding is to not break it
worse than it already is. Picking up the postal mail analogy, the Post
Office is practical only because government reserves for it a protected
right to deliver mail to your mailbox. Along with that right come
controls on privacy and anti-forgery laws with real teeth. The most
important difference from email is that all snail mail postage is paid
by the sender. Even in this restricted environment, forwarding is a
service the Post Office provides *only on a temporary basis*. The
current forwarding model does not work on today's internet because of a
combination of factors.
1) Postage is paid by recipients.
2) It is practical to send millions of unsolicited messages using stolen
resources because of security flaws in consumer software products and
ubiquitous broadband access.
3) It is legal to use a fraudulent return-path on the envelope.
4) It is legal to change any header in a message.
5) It impractical for large recipient mail systems to track all their
users' bona fide forwarders.
On the last point above, if a recipient mail system provides a way for
its users to designate forwarders into each mailbox, it would be similar
to the effort of configuring POP access to the same accounts. Like
forwarding, this is a one-time setup. Using POP does not compromise the
integrity of SMTP, as does forwarding, and there is no risk of exposing
a forwarding address if the that mailbox is unavailable.
--
Seth Goodman
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735