spf-discuss

Re: [spf-discuss] Re: "pretend" MAIL FROM

2007-03-13 13:02:08
On Tue, 13 Mar 2007, Frank Ellermann wrote:

>> I put my list in DNS where it is accessible to all my clients.
>
> How does that work for different users Y1 != Y2 with different
> lists of forwarders ?  Do you join "forwarding domains" over
> all users ?  That would have "interesting" security issues if
> one bad apple in say Y1's basket could spam all other users.

It doesn't matter. The DNS repo is simply my approximation of SPF records that
senders *should* have published if they had a clue.  Nothing to do
with forwarding, except for supplying an SPF record when the forwarder
won't.

> I'd never guessed that a "pretended MAIL FROM" stands for
> something like this idea to mitigate forwarding issues -
> it's apparently in the direction of a "forward master plan".

It solves non-SRS forwarding issues.  Reputation is currently accrued against
the (pretend) forwarder domain.  

I am working on a revision that would accrue reputation to the actual MAIL
FROM, but with the forwarder domain as the qualifier.  Furthermore, if the
forwarder does do SPF (including SRS forwarders), then the reputation should be
charged to the domain qualified by the SPF result contained in the Received-SPF
header.  (For trusted forwarders only, of course.)

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
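
Added example (not part of the original message and not the poster's code): a sketch of the reputation-keying rule described in the reply above, for direct mail, a trusted non-SPF forwarder, and a trusted forwarder that records a Received-SPF header. The function names, the trusted-forwarder set, the (domain, qualifier) key shape, the receiver= check and the reading of "the domain" as the header's envelope-from are assumptions; the sample header is constructed.

```python
import re
from email.parser import HeaderParser

# Constructed for this example: forwarders the receiver has chosen to trust.
TRUSTED_FORWARDERS = {"alumni.example.org"}
SPF_RESULTS = {"pass", "fail", "softfail", "neutral", "none",
               "temperror", "permerror"}

# Constructed sample: headers as a trusted, SPF-checking forwarder might add them.
SAMPLE = (
    "Received-SPF: pass (mx1.alumni.example.org: domain of bob@sender.example\n"
    " designates 192.0.2.1 as permitted sender) receiver=mx1.alumni.example.org;\n"
    " client-ip=192.0.2.1; envelope-from=<bob@sender.example>;\n"
    "Subject: hello\n\n")

def forwarder_spf(raw_headers, forwarder):
    """Return (result, envelope_from_domain) from the topmost Received-SPF
    header, or None if it is absent, malformed, or not written by `forwarder`."""
    value = HeaderParser().parsestr(raw_headers).get("Received-SPF")
    if value is None:
        return None
    value = " ".join(value.split())                 # unfold continuation lines
    result = value.split(" ", 1)[0].lower()
    params = re.sub(r"\([^)]*\)", "", value)        # drop the (comment)
    kv = dict(re.findall(r"([\w-]+)=<?([^;>\s]+)>?", params))
    host = kv.get("receiver", "").lower()
    if result not in SPF_RESULTS or not (
            host == forwarder or host.endswith("." + forwarder)):
        return None                                 # e.g. header from another hop
    sender = kv.get("envelope-from", "")
    return result, (sender.rsplit("@", 1)[-1].lower() or None)

def reputation_key(mail_from, forwarder, raw_headers, local_result):
    """Return the (domain, qualifier) pair that reputation is charged to."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    if forwarder not in TRUSTED_FORWARDERS:
        # Direct or untrusted relay: only the receiver's own SPF check counts.
        return domain, local_result
    spf = forwarder_spf(raw_headers, forwarder)
    if spf is None:
        # Trusted forwarder that does no SPF: qualify by the forwarder domain.
        return domain, forwarder
    result, original = spf
    return original or domain, result

if __name__ == "__main__":
    srs = "SRS0=abcd=XY=sender.example=bob@alumni.example.org"  # constructed
    print(reputation_key(srs, "alumni.example.org", SAMPLE, "pass"))
```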
