spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Re: Forwarder whitelisting reloaded

2008-01-19 01:53:54
On Fri, 18 Jan 2008, Alessandro Vesely wrote:
Michael Deutschmann wrote:
* Level 0: Status quo, people are afraid to use receiverside SPF.

I'd also mention they are afraid to use backup MXes. After Frank said "it

Backup MXs need the same super-whitelisting as forwarders.  But TENBOX
isn't needed, since they can be easily granted that whitelisting based on
IP address or conventional SMTP-AUTH usage.

If your talking a "TENBOX/U" protocol (U for United front) which would
allow spam policies on the forwarder to be kept in perfect sync with the
primary -- I can see that it would be very useful for Backup MX
administration but this would be near-impossible to pull off in a general
way.

* Level 1: TENBOX/E.  Forwarder whitelisting is possible for power users.

L1 implies the forwarder can authenticate itself, or the MTA has been
patched in order to implement TENBOX/E, or I haven't grasped TENBOX/E
quite enough. :-)
That's why this has it's own level.  Each level requires new software
at the forwarder and the ultimate recipient.

Shouldn't we "just" provide an rfc 1425 SMTP extension for forwarding?
I'm going for a pseudo-SASL mechanism rather than an ESMTP keyword,
because much more RFC-lawyering is needed to register the latter.

* Level 2: As Level 1, but a protocol is added to allow the Forwarder to

What's wrong with just checking the response to "MAIL FROM:<> AUTH=<swk>"
or whatever TENBOX/E will prescribe?

Just because a message gets through doesn't mean the sender was
whitelisted.  And a probe that doesn't go to DATA tells you nothing about
content filters, or the presence of an armed "This is spam" button.

(The TENBOX/E spec I posted earlier did define a special method.  If the
MAIL FROM is in the @invalid domain, the MTA is to 5xx the RCPT TO if full
whitelisting is not present for the SWK/recipient pair.)

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=2183229&id_secret=87765175-48943b
Powered by Listbox: http://www.listbox.com

<Prev in Thread] Current Thread [Next in Thread>