On Wed, 8 Jul 2009, Alessandro Vesely wrote:
_How_ they accept whitelisting would also be a policy. It can go anywhere from
whitelisting an IP, to providing a specific userid/password pair for the
forwarder to use SUBMIT. None of those can be easily automated, that's why I
listed them last.
The simplest way to whitelist a forwarder is the way pymilter does it:
provide the domain of the forwarder - what the forwarder would
use if they were enlightened enough to use SRS. If the mail would have
passed SPF (or a guessed SPF policy such as "v=spf1 a mx ptr") had
the forwarder actually used SRS, then the email is from the whitelisted
forwarder.
One would hope the forwarder is at least enlighted enough
to publish an SPF record, or use a valid HELO or PTR that ends in their
domain or send from one of their MXes so the SPF-GUESS works.
If the forwarder is anonymous, maybe everyone is better off if the end user
*doesn't* get any of the forwards ... ;-)
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com