Dick St.Peters wrote:
Before 1123 the principle of operation was to add forwarding hosts
to the reverse path. It wasn't possible to modify the RCPT TO
without also modifying the MAIL FROM (adding an @forwarder.example
to the reverse path)
Not in my expereience. I still have a lot of email from the mid-80s,
before 1123 was issued. A lot of it was forwarded, and except for
mail forwarded from non-SMTP mail systems, I can't locate a single
example that had a forwarding host prepended to the MAIL FROM.
STD 10 is absolutely clear about this, but I can't say what sendmail
actually did at this time (before 1989). My sendmail "experience"
was some years later and about some shaky UUCP routes.
Email admins (of which I was one) weren't stupid and didn't want the
reverse mail passing through their systems when it didn't have to.
In other words they were in fact "stupid" because nobody foresaw that
somebody would forge a MAIL FROM. It's sad that we can't ask the RFC
821 author if he was just lucky or really smarter than the rest of us.
But probably lucky, othewise he would have said something against the
RFC 1123 optimization wrt forwarding.
1123 simply documented the practice of forwarding with a minimalist
reverse path.
Too bad. The combined costs of closing / blocking open relays, and
of trying to fix the remaining loophole with SPF, are probably bigger
than the hypothetical costs of keeping the reverse paths as designed
in 821. Admittedly I can't imagine a way how to get rid of source
routing in only one (= forward) direction. They should have killed
5.3.6(a) as collateral damage in 1989, sparing us today's nightmares.
Yes, but blaming forwarding for spam is like blaming email for spam.
Without email, there'd be no spam, so let's fix the problem by getting
rid of email ... :)
Not funny, if SPF can't secure the Return-Path for NDRs, DSNs, 3834,
and MDNs the next logical step is "let's ditch ESMTP and try jabber".
It's often easier to solve problems by tossing out features many
people don't use.
Yes, like MS "fixing" gopher in IE by disabling it, I know the drill.
But IMO 5.3.6(a) isn't an essential feature, there are numerous ways
to get similar effects without the "modify only RCPT TO" approach.
Many email service providers offer "POP3 collection" (if that's the
English name for it), polling POP3 boxes at other providers. None
of my mail providers offered forwarding, for various reasons.
Frank
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735