-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(Adopting William's subject change for the original thread, too.)
William Leibzon wrote:
Stuart D. Gathman wrote:
SRS is not actually needed except as a work around for recipients that
don't provide whitelisting. (e.g. you want to forward mail to your
gmail.com account).
A lot of recipients are unable (for various reasons) to setup
per-receipent whitelisting or per-receipient SPF checking (i.e. site does
SPF checking for all incoming email for all users). My view is that they
probably should not forward to account like this, but lets be clear - SPF
does break forwarding and nobody is disputing it, the question is more
often if its a good thing or not.
It's definitely a good thing in the sense that if SPF allowed forwarding to
work as it did before, then everyone could just claim to be a forwarder
and spam away happily. After all, recipients don't "know" about who are
their forwarders (at least not technically -- what you said), so they
wouldn't see the difference between a real forwarder of theirs and a pre-
tending one. In effect, envelope sender forgery could never be stopped.
Then of course there are those who believe that by definition there is no
such thing as envelope sender forgery, effectively denying that the use of
the envelope sender field should be put under (anyone's besides the
sender's) control in the first place. Anyone who hates e-mail abuse and
still follows this notion is probably confused.
SRS is actually more useful as a variation on BATV to reject bounces
of your forged domain.
Lets call it appropriately as its BATV that came as variation of SES
which came out of work on SRS. For SPF Community it would be good to
release their own documents/text-draft that describes SES close to its
original concept (without RFC2822 additions and only done as encrypted
MAIL FROM with optional dns server to answer if the crypted id is ok or
not) and work on the implimentations to be listed on the website. Same
goes for SRS as there is no good (recent/updated) text standard either.
Any volunteers are more than welcome! (Seriously!)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFuI5OwL7PKlBZWjsRAmj+AKD+9Ju8lCYjwIMhUVV/aW/cKs/OiACg224f
M7iTRdI3BQI83BnXIyxTkTM=
=JwMR
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735