spf-discuss

Re: [spf-discuss] Senderside forwarder-problem mitigation

2009-07-08 08:36:53
On Wed, 8 Jul 2009 01:00:14 -0700 (PDT) Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net> wrote:
On Tue, 7 Jul 2009, Scott Kitterman wrote:
On Mon, 6 Jul 2009 01:10:01 -0700 (PDT) Michael Deutschmann
But others may see SPF as valuable only as a backscatter preventer, and
presently not very effective because sane ISPs will not turn SPF on
globally.
They would love to use "fm=hard" to tell a receiver "go ahead and ignore the
forwarder problem; I accept responsibility for the FP risk.".

This is what the current -all means (to a very close approximation).  Why
would receivers believe this if they don't believe -all?

The problem is that there are basically two different versions of SPFv1,
which use identical syntax but have different semantics.  (SenderID produced
another pair, but that's a whole other story....)

In Gathman-SPF, SPF is applied by default after a forwarder whitelist has
exempted part of the mailstream.  No forwarder whitelist means no rejecting
solely due to SPF fail.  In this protocol, almost everyone can use -all
senderside, but it is foolish for a mail admin who doesn't know his users
well (such as in large ISPs) to deploy receiverside SPF checking that does
more than header tagging.

In Vessely-SPF, SPF is to be applied literally, with SPF fail being binding.
In this protocol, only two groups are entitled to actually use -all
senderside: SES/BATV users with a magic DNS server referenced in exists, and
people who are desperate enough to stop backscatter that they will willingly
risk rejected forwards.  But receiver admins are assured that they can and
should arm reject-on-fail for users they don't know much about.

V-SPF mostly gives inferior information.  In V-SPF, softdeny is pointless,
and V-SPF neutral collapses together G-SPF neutral, softdeny and fail. But
V-SPF's fail maps to something that just doesn't exist in G-SPF.

The differences are under the control of the receiver, so there is really
nothing to specify on the sender side.

Scott K
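
The two receiver-side readings contrasted in this thread ("Gathman-SPF" and "Vessely-SPF"), sketched as an added example that is not from either poster or from any SPF implementation. The function names, the action labels (`reject`, `accept-exempt`, `accept-tagged`), the documentation-range addresses and the sample traffic are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample traffic: (description, connecting IP, SPF result for MAIL FROM).
SAMPLE = [
    ("direct from the sender's own MTA", "192.0.2.10", "pass"),
    ("relayed by a forwarder the user set up", "198.51.100.7", "fail"),
    ("forged sender from an unrelated host", "203.0.113.99", "fail"),
]
FORWARDERS = ["198.51.100.0/24"]  # hypothetical forwarder whitelist


def decide(spf_result, client_ip, policy, whitelist=()):
    """Return the receiver's action for one message under one policy.

    policy="literal":   SPF fail is binding (reject-on-fail for everyone).
    policy="whitelist": whitelisted forwarders are exempted before SPF is
                        applied; with no whitelist, fail alone never rejects
                        and the result is only recorded in a header.
    """
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n) for n in whitelist]
    if policy == "literal":
        return "reject" if spf_result == "fail" else "accept-tagged"
    if policy == "whitelist":
        if any(ip in net for net in nets):
            return "accept-exempt"   # forwarder exempted, SPF not applied
        if spf_result == "fail" and nets:
            return "reject"          # whitelist exists, so fail is acted on
        return "accept-tagged"       # header tagging only
    raise ValueError(f"unknown policy: {policy!r}")


def compare(sample, whitelist):
    """Evaluate each message under literal, whitelist and no-whitelist policy."""
    return [
        (desc,
         decide(result, ip, "literal"),
         decide(result, ip, "whitelist", whitelist),
         decide(result, ip, "whitelist", ()))
        for desc, ip, result in sample
    ]


if __name__ == "__main__":
    print(f"{'message':42} {'literal':15} {'whitelist':15} no whitelist")
    for desc, lit, wl, nowl in compare(SAMPLE, FORWARDERS):
        print(f"{desc:42} {lit:15} {wl:15} {nowl}")
```

The same `-all` record produces three different outcomes for the forwarded message, depending only on what the receiver has configured.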


