spf-discuss

Re: [spf-discuss] Re: Election issue: forwarding problem

2007-02-05 01:37:23
On 05/02/07, Scott Kitterman <scott(_at_)kitterman(_dot_)com> wrote:
> On Sunday 04 February 2007 18:36, Seth Goodman wrote:
> > Frank Ellermann wrote on Sunday, February 04, 2007 12:57 PM -0600:
> >
> > > Not necessarily, the famous "enforced submission rights" in RFC 4409
> > > are only an OPTION.  Any MSA "MUST" (in 4409) have some kind of AUTH,
> > > to identify users AUTHorized to use the MSA.  That could be anything
> > > from SMTP-after-POP over RADIUS to SMTP AUTH (2554bis).
> >
> > This is true, they don't have to do anything except avoid being listed
> > as an open relay.  They do authentication to restrict access, but don't
> > restrict submission rights and only act when they receive complaints.
> > Plenty of large systems still permit sender forgery, ostensibly because
> > most of their users submit over port 25, which is often blocked by
> > outside networks when their users travel.  It's ironic that these same
> > systems also block port 25 for users visiting their network space.  I
> > hope we're not still discussing this same chicken vs. egg problem ten
> > years from now.
> >
> The tricky part about this is not the technical aspects, but the
> administrative/procedural part.  If you have a legacy userbase of
> thousands/millions how do you go back and validate which mail from identities
> they should be using?  This is a non-trivial problem.

Yep. I know intimately the email infrastructure of a major European ISP
with operations in 4 countries, and it would be the complete opposite
of trivial to implement this in their network. The MSA (which they
don't have in port-587 sense, they have port 25 firewalled-off to
their own IP space instead) has no knowledge of the identity of the
connecting customer; any form of user database it might use to do
authentication is not even in the same country.

Bad architecture? Sure. But they can only start from where they are.

Peter


--
Peter Bowyer
Email: peter(_at_)bowyer(_dot_)org

-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/