spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] Yet another attempt to fix forwarding

2008-02-06 17:58:09
from [David MacQuigg] [Permanent Link] 
At 10:08 PM 2/5/2008 -0800, Michael Deutschmann wrote:


On Tue, 5 Feb 2008, David MacQuigg wrote:

After hearing that, they will eventually modify their whitelisting
option, so it works with a domain name, not necessarily a full address.


That's not the right direction.


I don't understand what you mean.  What I was talking about is a very
[...]
yahoo.com.


Right direction -- extend things so that the end-user can add the
forwarding input address to their whitelist and things will Just Work.
Only SWK-SPF does this.

Wrong direction -- extend things so that the whitelist can hold
non-email-address tokens, like hostnames from rDNS or HELO.  This is
dangerous because whitelist entries to support a given forward may have no
obvious connection to the forwarding, tempting lusers to "garbage collect"
them out of their lists.


OK, I understand you mean "right direction" as "right thing to do".  I read it 
as something to do with the direction of mail flow.  English is a terrible 
language when we need clear, unambiguous communication! :>(

I'm still not understanding something.  Maybe it's what problem are we trying 
to solve.  I'm thinking about Problem S, which I would state even more 
succinctly as "Forwarder not recognized by downstream Agent".  The solution I 
suggested (MDA allowing the Recipient to whitelist the Forwarder's domain) 
works for me as a Recipient, but may not be a good solution in all situations.

          |-------- Recipient's Network ---------|
     /
--> / --> Receiver/Forwarder ~~> MDA ==> Recipient
   /
 Border

My MDA is yahoo.com.  They allow me to whitelist individual Senders (e.g. 
tom(_at_)aol(_dot_)com), but not all mail coming from box67.com (my Forwarder). 
 I have accomplished the desired result by setting up a private account at 
yahoo.com, and turning OFF all spam filtering on that account.  As long as I 
can keep the address of my private account secret, it's as good as a secure 
channel from my Forwarder to my MDA.

What situation are you thinking of?

-- Dave 


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription: 
http://v2.listbox.com/member/?member_id=2183229&id_secret=94583766-3b9801
Powered by Listbox: http://www.listbox.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] TENBOX/E (now SWK-SPF) rough draft, David MacQuigg
Next by Date:  Re: [spf-discuss] Statement of Problems and Requirements (Last Call), WebMaster
Previous by Thread:  Re: [spf-discuss] Yet another attempt to fix forwarding, Michael Deutschmann
Next by Thread:  Re: [spf-discuss] Re: Strong SPF assertions, Ian Eiloart
Indexes:  [Date] [Thread] [Top] [All Lists]