spf-discuss

[spf-discuss] Re: forwarded mail being bounced (by spf check)

2007-01-28 06:31:36
Seth Goodman wrote:
> Frank Ellermann wrote on Saturday, January 27, 2007 1:11 PM -0600:
> > Seth Goodman wrote:
> > > I suggest you refrain from stating that this has anything to do
> > > with the "point of SPF fail".  It does not, and it never has.
> >
> > This is obviously untrue - the very first SPF Web page prominently
> > talked about "SPF breaking forwarding".  It's the intended effect
> > of SPF FAIL policies to be rejected at the border of the receiver.
>
> Breaking alias forwarding was an unwanted side-effect, not an intended
> result.  SRS was concocted, against strong resistance to any kind of
> return-path rewriting, in order to mitigate this otherwise undesirable
> side-effect.  I repeat:  breaking of alias forwarding was an unavoidable
> and unwanted side effect, not an intended consequence.

The problem with alias-style forwarding is exactly that it cannot be 
distinguished from unwanted MAIL FROM forgery -- except by the recipient, 
who should be aware of the alias forwardings they have set up.

If you as a receiver want your alias forwardings to keep working, you must 
do your very own part and exempt your trusted forwarders from SPF checks.

"Breaking" alias forwarding _was_ an intended consequence of SPF.  We just 
didn't recognize that early.  It can also be very clearly seen from the 
fact that nobody has come up with a solution other than not performing SPF 
checks in the first place -- at least on your trusted forwarders.

Seth Goodman wrote:
> There are very few rejections due to forwarding because there are very
> few rejections due to SPF.  There won't be many rejections of any kind
> due to SPF until people feel confident it won't break alias forwarding.

So what solution for "SPF not breaking alias forwarding" do you suggest?  
If you have one, I'm sure all of us are eager to hear it!

(No, sender rewriting is not a solution, because then it wouldn't be 
_alias_forwarding_ anymore in the first place.  The characteristic element 
of alias forwarding is NOT to rewrite the sender.)

> Declaring the millions of existing forwarding arrangements broken and
> wishing that the whole world will wake up and realize that 821 is flawed
> is not a productive approach.

Are you saying that technical reform (as opposed to mere amendment and 
continued sophistication) is inherently not a productive approach?

> [...]  You might as well say that SMTP is broken and must go away.

SMTP will be replaced sooner or later, no matter what.  At this time, we 
_still_ have a choice whether it will be replaced by
"SMTP+SPF-aliasforwarding" or by "SMTP2/IM2000/SkypeMail/rssmail/whatever".

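The point argued in the message above, that SPF alone cannot tell alias forwarding from MAIL FROM forgery and that the receiver must exempt its own trusted forwarders, shown as an added example that is not part of the original post. The SPF record, the addresses (documentation ranges) and the `TRUSTED_FORWARDERS` list are constructed, and the evaluator is a reduced one that handles only the `ip4` and `all` mechanisms.

```python
import ipaddress

# Constructed SPF policy for the sender's domain (stands in for a DNS TXT lookup).
SPF_RECORDS = {"example.org": "v=spf1 ip4:192.0.2.0/24 -all"}
# Constructed: hosts on which this receiver has set up alias forwarding (assumption).
TRUSTED_FORWARDERS = [ipaddress.ip_network("198.51.100.25/32")]
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip, mail_from):
    """Evaluate the MAIL FROM domain's policy against the connecting IP."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


def receiver_decision(client_ip, mail_from):
    """Border policy: skip SPF for trusted forwarders, reject on FAIL otherwise."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_FORWARDERS):
        return "accept (trusted forwarder, SPF not checked)"
    result = spf_check(client_ip, mail_from)
    return "reject (SPF fail)" if result == "fail" else f"accept (SPF {result})"


if __name__ == "__main__":
    # Constructed deliveries: (description, connecting IP, unchanged MAIL FROM).
    samples = [
        ("direct from sender's MTA", "192.0.2.10", "alice@example.org"),
        ("forged MAIL FROM", "203.0.113.77", "alice@example.org"),
        ("alias-forwarded, sender not rewritten", "198.51.100.25", "alice@example.org"),
    ]
    for label, ip, sender in samples:
        print(f"{label:40} SPF={spf_check(ip, sender):5} -> {receiver_decision(ip, sender)}")
```

The forged and the alias-forwarded deliveries get the same raw SPF result; only the receiver's own forwarder list separates them.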
