spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Yet another attempt to fix forwarding

2008-02-02 02:51:07
David MacQuigg wrote:
   What I was really
trying to say was let's not get involved in discussing solutions far
outside the scope of this group, as the details of signature-based
methods would certainly be.

IMHO the requirement may indicate to resolve the issue before the DATA command, much like SPF. (Actually, SPF can already make a decision after MAIL FROM; FF also needs the RCPT TO.)

After a message has been accepted, a wrong signature may permit to detect that the message was a fraud. In that case we should question if the forwarder is trustworthy. This kind of activity is important to properly maintain a database of trusted forwarders - those who can get an authorization automatically. No matter how well one examines a forwarder, it may still become a spammer after having been examined. A forwarder who states *each and every* message it forwards is signed by the original sender, makes it possible to detect any attempt to originate spam pretending it is being forwarded.

If the original sender provides no signature, it is difficult to discover that a trusted forwarder has become a spammer. We should devise a technique for detecting if a message has not actually been forwarded. Checking a random sample may suffice. Any idea?

missing from http://open-mail.org/Forwarding.html
  I added that to our Statement of Forwarding Problems at
the link above, with a note "still needing discussion".

Thanks!

-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=2183229&id_secret=92966351-a113f9
Powered by Listbox: http://www.listbox.com