spf-discuss
[Top] [All Lists]

[spf-discuss] Statement of Problems and Requirements (Last Call)

2008-02-06 17:56:31
Since the discussion of solutions and implementation details seems to be 
full-speed forward, I would like to wrap up the earlier steps.  Here is what I 
have at http://open-mail.org/Forwarding.html.  The only thing new is Problem R. 
 This goes well beyond the specifics of  forwarding, but I thought it would be 
good to include in our list.  In devising a solution to the Forwarding Problem, 
we should do our best to have it solve the larger problem as well.

Statement of Forwarding Problems

Problem S - To technologies like SPF, messages forwarded without re-writing the 
Return Address appear to be forgeries.

Problem K - Forwarders will accumulate "bad karma" when they innocently pass on 
spam to a downstream Agent without prior arrangement, or with arrangements that 
are mistakenly ignored.

Problem B - Mail may be lost when a Receiver accepts a message without 
authenticating the Return Address and a downstream Agent rejects it.

(still needing discussion):

Problem P - Recipients have difficulty keeping track of and updating their 
forwarding arrangements.

Problem R - The reliability of the global email system is so bad that users 
cannot be confident of delivery unless there is prior arrangement between 
Agents at the Border of the sending and receiving networks.

Requirements for Solution to Forwarding Problems

1) No cost or risk to Agents on Sender's side
2) Small cost or risk to Agents on Recipient's side
3) No lost mail
4) Effective
5) Minimum vulnerability to new attacks
6) At every stage of adoption, benefits must exceed costs to each Agent
   that must take some action.

(still needing discussion):

7) Forwarder authentication must be resolved before the DATA command.


Possible Solutions

see http://open-mail.org/Forwarding.html   Have I forgotten anything?

-- Dave


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=2183229&id_secret=94581990-95f552
Powered by Listbox: http://www.listbox.com