David MacQuigg wrote:
What I was really
trying to say was let's not get involved in discussing solutions far
outside the scope of this group, as the details of signature-based
methods would certainly be.
IMHO the requirement may indicate to resolve the issue before the DATA
command, much like SPF. (Actually, SPF can already make a decision after
MAIL FROM; FF also needs the RCPT TO.)
After a message has been accepted, a wrong signature may permit to detect
that the message was a fraud. In that case we should question if the
forwarder is trustworthy. This kind of activity is important to properly
maintain a database of trusted forwarders - those who can get an
authorization automatically. No matter how well one examines a forwarder,
it may still become a spammer after having been examined. A forwarder who
states *each and every* message it forwards is signed by the original
sender, makes it possible to detect any attempt to originate spam
pretending it is being forwarded.
If the original sender provides no signature, it is difficult to discover
that a trusted forwarder has become a spammer. We should devise a
technique for detecting if a message has not actually been forwarded.
Checking a random sample may suffice. Any idea?
missing from http://open-mail.org/Forwarding.html
I added that to our Statement of Forwarding Problems at
the link above, with a note "still needing discussion".
Thanks!
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription:
http://v2.listbox.com/member/?member_id=2183229&id_secret=92966351-a113f9
Powered by Listbox: http://www.listbox.com