
[spf-discuss] Re: Revising SOFTFAIL

2008-01-05 12:16:09

Edmig wrote:
On Jan 5, 2008 10:40 AM, Mark <admin(_at_)asarian-host(_dot_)net> wrote:
For example, my mail server uses a single HELO name, but I relay mail
for a dozen or so MFROM domains, neither of which ought to be treated
as forwards. Treating those instances as forwarding would patently
break SPF.

I don't understand the difference between a relay and a forward pass,
or why it matters.  Why would you relay or forward mail for a domain
that doesn't give you whatever authorization you ask for?

"Relaying" in the sense used by Mark above refers to the _sender_'s setup.
"Forwarding", however, is almost always set up by the _receiver_.  Senders 
can always account for their sending infrastructure in their SPF records.  
Receivers, on the other hand, don't publish SPF records, so they have to 
be aware of their forwarding infrastructure when checking senders' SPF 

why not just use the HELO name to authenticate an incoming IP

You don't authenticate IP addresses.  Those are inherently authentic.  
What needs to be authenticated are identities such as HELO or MAIL FROM 
that are NOT inherently authentic.  If you just want to use one of those 
identities for a reputation system, then choosing which one to use is 
just a matter of the desired granularity.  If however you want to use the 
MAIL FROM for sending bounces or similar purposes, then authenticating 
HELO doesn't help you.

But it doesn't help you one bit in determining whether relay X is
authorized to send domain Z in MFROM.

Why do we care?  If Y is reputable, and it says X is OK, we have what
we need.  If Z is forged, we tell Y, and they fire X.

Except that the firing X part doesn't always happen (or it doesn't happen 
quickly enough) in reality.
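The distinction drawn in this message, as an added example that is not part of the original post: a receiver-side check that evaluates HELO and MAIL FROM as separate identities and does not apply the sender's record to a forwarder the receiver itself configured. The evaluator is deliberately simplified (only `ip4` and `all` mechanisms, no DNS), and every domain, address and the `TRUSTED_FORWARDERS` list are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges, example domains).
SPF_RECORDS = {
    "mx.sender.example": "v=spf1 ip4:192.0.2.10 -all",
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "other.example": "v=spf1 ip4:203.0.113.0/24 -all",
}
# Hosts the receiver set up to forward mail to this mailbox (assumption).
TRUSTED_FORWARDERS = [ipaddress.ip_network("198.51.100.25/32")]

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain):
    """Simplified SPF evaluation: only ip4 and all mechanisms are handled."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULTS[qualifier]
        if mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return RESULTS[qualifier]
    return "neutral"


def evaluate(client_ip, helo, mail_from):
    """Return {identity: result} for one SMTP connection."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in TRUSTED_FORWARDERS):
        # The receiver's own forwarder is not listed in the sender's record,
        # so checking either identity against it would give a bogus fail.
        return {"helo": "skipped-forwarder", "mailfrom": "skipped-forwarder"}
    domain = mail_from.rsplit("@", 1)[-1]
    return {"helo": check_host(client_ip, helo),
            "mailfrom": check_host(client_ip, domain)}
```

A HELO pass says nothing about whether the same host may use a given MAIL FROM domain, which is why the two results are reported separately.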
