On Sat, 3 Feb 2007, Michael Deutschmann wrote:
I suppose one could do SRS if the message is SPF PASS, reject it if it's SPF
FAIL and do traditional forwarding if it's and other SPF result. This would
avoid the making it worse part and actually reduce backscatter to some
degree.
Not necessarily. Just because the result was NEUTRAL or SOFTFAIL when
the forwarder checks incoming mail, does not mean the result can't be FAIL
when the ultimate recipient checks the same message against the forwarder's
outgoing mail IP.
So in some cases you need SRS to get through, but still can't safely
bounce.
three things:
1) The recipient MUST NOT check spf for non-SRS forwarders. If they
don't know who their forwarders are, then they MUST NOT check SPF at all. Of
course, they probably will anyway, so ...
2) The forwarder MAY rerun check_spf with his own IP. If the result
is FAIL, then use SRS, or drop the mail (possibly with a DSN to the
alleged sender summarizing the situation. The DSN can be easily filtered by
savvy senders using MAIL FROM signing, e.g. SRS.)
3) The forwarder MAY just try the next hop, and if rejected, try again
with SRS.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735