spf-discuss
[Top] [All Lists]

Re: [spf-discuss] Yet another attempt to fix forwarding

2008-02-05 09:06:01
At 01:37 PM 2/4/2008 -0500, Stuart Gathman wrote:

On Fri, 1 Feb 2008, David MacQuigg wrote:

Big ESPs won't listen to us, but they will listen to their customers.  After
a few thousand complaints, or even questions like - "Hey Mr. Yahoo, how come
all my forwarded mail goes into the [bulk] folder?  Why can't I whitelist my
forwarders?"  After hearing that, they will eventually modify their
whitelisting option, so it works with a domain name, not necessarily a full
address.

Customers of a big ESP have no clue what "forwarding" is, and will therefore
never ask such questions.  I've tried explaining forwarding to yahoo 
and aol users, complete with postal analogies, but without much success.

Maybe you have a different situation in mind, but what I am thinking of is a 
setup the *Recipient* has initiated, perhaps by filling out a form on a webmail 
server.  e.g. Yahoo's webmail:  Mail Options --> POP & Forwarding -->  
Forward incoming Yahoo! Mail messages to a different email address 
Email address: 
  [                      ] 
  (e.g. user(_at_)company(_dot_)com) 
There is also a help link in case this is not self-explanatory.  The help 
window has a few FAQs at the top, followed by an interactive section where 
users ask each other for help.  The top-rated answers appear at the top of this 
section.

It is worth taking note of what big ESP customers expect (at least
from my conversations).  They expect their ESP account to act like a
mail store ("where I check my mail").  They expect to be to register/purchase
email addresses that end up in their "mail store" when sent to.
They do *not* expect to have to keep track of all their email addresses
(i.e. forwarders in most cases).  Computers are supposed to keep track of stuff
for them.  When I try to explain "forwarding", they want to know where
they can see the list of all their email addresses.  The suggestion
that they should have to keep track of the list in order for email to work
properly is met with disbelief.  This is a pretty reasonable set of end-user
expectations, actually.

The "big ESPs" I'm familiar with offer very little individual help, certainly 
not keeping track of an individual's forwarding arrangements.

So there might be more traction in educating end-users enough to demand
"a list of all my email addresses" from their ESP.  Any ESP able to provide
that, will have the information needed to handle forwarders properly.
Especially if forwarders publish SPF records for the forwarded domains
(receivers can validate an alias forwarder by comparing the IP against the SPF
records of valid forwarded domains for that recipient - a technique I've
called checking the "pretend domain").

I'm not sure how such a "list of all my email addresses" would get
transferred when a customer decides to switch ESPs.

When you say "ESP", I assume you are referring to the MDA in this setup:

          |-------- Recipient's Network ---------|
     /
--> / --> Receiver/Forwarder ~~> MDA ==> Recipient
   /
 Border

Currently, MDAs do not keep track of Recipients' forwarding arrangements, and 
there is no way they can know the original RCPT TO address, since it gets 
re-written by the Forwarder.

If we are thinking of a new protocol or BCP, with reasonable expectations of 
each of the Actors involved, I can envision some SHOULD requirements for 
Forwarders and for MDAs.  Maybe something like "Forwarders should send a 
monthly reminder that the forwarding arrangement is still active, and how to 
cancel it."  I get a few of these each month for mailing lists that I subscribe 
to.  Forwarding is very similar to a mailing list in this situation.

I'm all for minimizing burdens on the Recipient, but we need to be careful that 
doing so does not put an unreasonable expectation on other Actors.  Ultimately, 
it is the Recipient (or his secretary) that must keep track of his own email 
addresses, his own passwords at various services, etc.

-- Dave


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=2183229&id_secret=93794180-a7ea4e
Powered by Listbox: http://www.listbox.com