[spf-discuss] Re: TENBOX/E as an AUTH type

2007-04-06 17:16:31
Stuart D. Gathman wrote:

> It is the same as "pretend MAIL FROM", except that instead of trying
> potential forwarders in a list, the forwarder tells you which domain
> to validate.  Much more efficient.  The effect is similar to SRS,
> but bounces go to the original sender instead of the forwarder.

Yes, and that's where I'm *V*E*R*Y* *I*N*T*E*R*E*S*T*E*D*.  With SRS it
is clear that forwarders take the responsibility for mails forwarded
by them, as they should under RFC 821 rules (and explicitly did by
adding their identity to the reverse path in the pre-1123 world).

How does TENBOX guarantee that the alleged original sender in fact is
the original sender?  If it doesn't guarantee this it's a part of the
problem, like open relays, zombies, spammers, and phishers.  I report
all bounces I get as abuse if they're not related to mail originally
sent by me.  My justification for this approach is my SPF FAIL policy.

And AFAIK I'm the _only_ user on the spamcop list who thinks that an
SPF FAIL is required, the others report all bogus bounces right away,
no questions asked.

> There is no real need for a v=tenbox record.  It was only proposed
> in case the forwarder doesn't want to publish an SPF record for some
> reason, or wants to publish a "v=spf1 -all" policy (perhaps because
> they never send mail from their own domain, "fwd.example" in the
> example scenario).

The example was a mail from user@fwd.example to 
so claiming that fwd.example never sends mail would be stupid.  That
the forwarder notes this fact as AUTH= instead of MAIL FROM in the
envelope is the private business of the user, the forwarder, and the
next hop.  Clearly I didn't send mail from me using any IP of this
forwarder; the forwarder did this on behalf of user@fwd.example.

As far as it really was mail from me they can do what they like, but
if it was forged I'm as I said very interested to stop this abuse by
all means, legal, illegal, or outright ugly.

>> Does TENBOX guarantee that forwarders reject any SPF FAIL before
>> trying their TENBOX forwarding magic?

> No, but only trusted forwarders would be on your list.

If forwarders don't reject SPF FAIL and keep the forged MAIL FROM as
is, they are by definition spam supporters, and the next hop better
reject this crap.  One of us needs more coffee; is it again me?

In any case, the SMTP adds its own identifier to the reverse-path.
[RFC 821, section 3.6 "RELAYING"]

