Michael Deutschmann wrote:
> On Wed, 9 Jan 2008, Julian Mehnle wrote:
> > However, here's another idea how forwarders could identify
> > themselves. Suppose a new SPF modifier named "i-am=" that works
> > exactly like "redirect=", with one addition: the modifier's argument,
> > for example "forwarder.org", can be considered an additional
> > authenticated identity by the receiver if SPF evaluation passes for
> > that domain. The receiver can then use that additional identity to
> > whitelist the sender.
>
> I don't think that's a good use of 60-odd bytes of SPF record space.

Well, saying "v=spf1 redirect=..." is common already nowadays for HELO SPF
records.

> Also, it fails in one common situation. Suppose two forwarding
> organizations (or mailing list hosters) use the I-AM= proposal. Then,
> they merge, desiring to keep both of their original domains in
> operation. They'd like to use one mailserver to serve both domains
> without making their users re-configure. Then which domain gets the
> "I-AM=" reference?

You could simply have multiple "i-am=" modifiers in a single record, and
the receiver could look the "i-am=" domains up in their whitelist and
only try evaluating those that are whitelisted in the first place (saving
unnecessary time and bandwidth). If the "i-am=" SPF check passes for one
of the whitelisted domains, it's a trusted forwarder.
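The receiver-side check described in the message above, as an added example that is not part of the original thread: it reads the "i-am=" modifiers from the HELO domain's record, evaluates only the whitelisted ones, and returns the forwarder identity that passes. "i-am=" exists only as the proposal in this thread and is not part of SPF; the domains, addresses and the reduced evaluator (ip4 and all mechanisms only) are assumptions made for the example.

```python
import ipaddress

# Constructed DNS TXT data (reserved documentation domains and address ranges).
TXT = {
    "mx.merged.example": "v=spf1 i-am=fwd-a.example i-am=fwd-b.example i-am=other.example",
    "claims.example": "v=spf1 i-am=fwd-b.example",  # claims an identity it does not hold
    "fwd-a.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "fwd-b.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "other.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUERIES = []  # records which names were looked up

def lookup(domain):
    QUERIES.append(domain)
    return TXT.get(domain)

def parse(record):
    """Split an SPF record into (i-am= domains, mechanisms)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    i_am = [t[5:].lower() for t in terms[1:] if t.lower().startswith("i-am=")]
    return i_am, [t for t in terms[1:] if "=" not in t]

def spf_pass(domain, ip):
    """Simplified check_host(): ip4 and all only; True only for a 'pass' result."""
    record = lookup(domain)
    if record is None:
        return False
    for mech in parse(record)[1]:
        qualifier = mech[0] if mech[0] in "+-~?" else "+"
        body = mech.lstrip("+-~?").lower()
        if body.startswith("ip4:"):
            hit = ipaddress.ip_address(ip) in ipaddress.ip_network(body[4:], strict=False)
        else:
            hit = body == "all"
        if hit:
            return qualifier == "+"
    return False

def trusted_forwarder(helo, ip, whitelist):
    """Return the whitelisted i-am= domain that passes SPF for ip, or None."""
    record = lookup(helo)
    if record is None:
        return None
    for domain in parse(record)[0]:
        # Only whitelisted domains are evaluated; the rest cost no DNS query.
        if domain in whitelist and spf_pass(domain, ip):
            return domain
    return None
```

A record that merely lists a whitelisted domain in "i-am=" gains nothing unless the connecting address also passes that domain's own SPF policy, which is what makes the claimed identity authenticated.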
-------------------------------------------
Sender Policy Framework: http://www.openspf.org