Stuart D. Gathman wrote:
I'd call that "white listing based on a HELO PASS"
[...]
Except it is *not* HELO, but the original rcpt to domain.
A -> user(_at_)forwarder(_dot_)com -> final(_at_)receiver(_dot_)com
Checks for PASS on forwarder.com (HELO is something else
like mx19.forwarder.com, with no easy way to list them all)
Oops, yes, I missed that important point. That requires a
list of "known forwarders for Y (forwarding mails to X)" (?)
You're probably not trying to find "for X" in a timestamp
line.
Each Y can have various X1, X2, X3, etc. where all mails to
X1, X2, X3, etc. are forwarded to Y. You're not interested
in local parts, so you'd use the (shorter) list of domains
D(X1), D(X2), D(X3), etc. without duplicates. Is that your
approach ?
I put my list in DNS where it is accessible to all my clients.
How does that work for different users Y1 != Y2 with different
lists of forwarders ? Do you join "forwarding domains" over
all users ? That would have "interesting" security issues if
one bad apple in say Y1's basket could spam all other users.
I'd never guessed that a "pretended MAIL FROM" stands for
something like this idea to mitigate forwarding issues -
it's apparently in the direction of a "forward master plan".
Frank
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735