spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Re: (SOLVED) SPF blocking e-mails coming from an E-card service server

2007-05-01 09:21:36
from [Alex van den Bogaerdt] [Permanent Link] 
On Tue, May 01, 2007 at 02:10:42PM +0000, Julian Mehnle wrote:


http://www.openspf.org/Best_Practices/Webgenerated


This page in no way encourages sender address forgery.  Please learn about 
the meaning of the "From", "Sender", and "Reply-To" headers.  It then 
should become clear that what said page recommends does not constitute 
sender address forgery.


Indeed.  See the last line: "the least you can do is to keep the bounces
from actually going to <president(_at_)whitehouse(_dot_)gov>."

However, this is precisely what Dan is doing wrong IMHO.

(side note: I use "user(_at_)example(_dot_)com" instead of 
"president(_at_)whitehouse(_dot_)gov").

Original situation:  Dan had a service, and he expected 
"user(_at_)example(_dot_)com"
to deal with bounces that occured because of Dan's service.

Next: SPF got in the way.  Example.com didn't want Dan to use user's
email address.  This is why example.com published a policy.  Now Dan is
no longer able to send his ecards.

Next: Dan modified his service, and Dan's site now uses Dan's email domain
to send his ecards.

     ---> so far so good <---

Next: Dan is collecting bounces, and sends them to user(_at_)example(_dot_)com 
just
like in the original situation.

In other words: No problem is "solved" (see subject). All Dan has done
is to work around SPF, and while doing so he goes directly against the
spirit of SPF.


Does this sounds harsh Dan?  That is because either
a) you still don't understand the problem.
or
b) you don't care.

I just hope it is (a), because in that case a dialog is possible.


And here's another thing: you might not be fully aware of the dangers to 
your (certainly well intentioned) service (and it applies to thousands of 
similar services, too!):


Hear hear.

Dan, please don't shoot the messenger.  I may bring bad news to you, but it
is because of what you (and others) are doing that SPF exists in the first
place.

SPF is not about spam.  SPF is about forgery.

Alex

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [spf-discuss] Re: FYI: 2821bis and 2822upd, Julian Mehnle
Next by Date:  Re: [spf-discuss] (SOLVED) SPF blocking e-mails coming from an E-card service server, Alex van den Bogaerdt
Previous by Thread:  [spf-discuss] Re: (SOLVED) SPF blocking e-mails coming from an E-card service server, Julian Mehnle
Next by Thread:  RE: [spf-discuss] Re: (SOLVED) SPF blocking e-mails coming from an E-card service server, Devin Ganger
Indexes:  [Date] [Thread] [Top] [All Lists]