On Saturday 07 April 2007 19:51, Michael Deutschmann wrote:
On Sat, 7 Apr 2007, Frank Ellermann wrote:
Yes, and that's where I'm *V*E*R*Y* *I*N*T*E*R*E*S*T*E*D* With SRS it
is clear that forwarders take the responsibility for mails forwarded
by them as they should under RFC 821 rules (and explicitly did by
adding their identity to the reverse path in the pre-1123 world).
Ah, you're calling it a feature that SRS forces forwarding providers to
stake their IP reputation on the identification of a message as
non-forged. But SRS also forces them to either "sign off on" or refuse to
accept SPF-neutral, SPF-none, and SPF-softfail mails. This just isn't
reasonable today.
Their IP reputation is already at stake. SRS adds their name reputation.
Entities that punish backscatter, such as UCEPROTECT, generally believe
that backscatter should be prevented by abolishing DSNs entirely, not by
sender validation. So for them "I couldn't get a clear SPF answer" is not
an excuse for backscatter. And for an SRS forwarder, abolishing DSNs
entirely just isn't possible. Even if they go to the *extreme* of
conducting incoming and outgoing SMTP transactions simultaneously, they
can still get saddled with a "MAIL FROM: <> / RCPT TO:
<SRS0=blahblah(_at_)blah>" hours later from the next hop.
Yep. SRS transfers a final recipient bounce to a forwarder bounce, but
without SRS final recipient rejects still result in forwarder bounces.
Forwarders reliably getting backscatter control correct is pretty well
impossible no matter what we do here. It's one of the reasons I think the
days of transparent forwarding are numbered.
How does TENBOX guarantee that the alleged original sender in fact is
the original sender ?
It doesn't. But TENBOX/E mail will very rarely be bounced, if at all.
I don't see at all how that follows.
If the final recipient trusts the forwarder's TENBOX token enough to stand
down SPF, it would be silly not to also stand down their content filters
(SpamAssassin, ClamAV, DCC, etc.). And content filters are the leading
cause of forwarder bounces.
Absolutely not. Not Forged != Not Spam/Phish/etc.
Lots of people made this exact mistake when SPF was initially being deployed.
Don't repeat it.
Scott K