I had one idea on how a sender could cope with an unhandled forwarder
problem or unwhitelisted backup MX in some receivers, without completely
giving up the benefits of SPF fail: Maintain an RHSBL of *recipient* domains
which do not handle SPF properly, and then use a ?exists mechanism to query
it and return neutral for matches, ahead of the -all or ~all that sane
recipients will see.
Sadly, when I looked up the RFC to see exactly how to write such an exists
line, I found it's impossible in SPFv1. There are macros for the sender
local-part and domain, but nothing for the recipient.
So, I propose rectifying that in SPFv3. We just need to add a new macro
that expands to the RCPT TO domain of an attempted SMTP transaction. Might
as well add one for local-part, too.
The feature also has a second use. The VERP/exists/magic-DNS sender-side
mitigation method could benefit if the recipient domain could be presented to
the magic DNS server. A forger, even if he could guess or snoop the tumbler
on the MAIL FROM, would only be able to send bogus e-mails to people the
victim very recently corresponded with.
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: https://www.listbox.com/member/archive/735/=now
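The two uses sketched in the post, worked through in code. This is an added example, not code from the post or from any SPF implementation: it is a toy SPFv1 macro expander and evaluator (ip4, exists and all only) with DNS replaced by an in-memory set of names whose A lookup would succeed. The macro letters %{q} (RCPT TO domain) and %{u} (RCPT TO local-part) are hypothetical letters chosen here for illustration; SPFv1 (RFC 4408) defines neither, and the domains, addresses and tumbler value are constructed for the demonstration.

```python
"""Toy SPF macro expander/evaluator with a hypothetical RCPT TO macro.

Added example, not from the original post.  %{q} (RCPT TO domain) and
%{u} (RCPT TO local-part) are letters chosen here for illustration; SPFv1
(RFC 4408) defines neither.  DNS is an in-memory set so the code runs offline.
"""
import ipaddress

MACRO_LETTERS = "slodihqu"      # RFC 4408 letters used here, plus hypothetical q and u
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _split(value, delims):
    """Split value on any of the delimiter characters (RFC 4408 section 8)."""
    parts, cur = [], ""
    for ch in value:
        if ch in delims:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return parts


def expand_macros(spec, ctx):
    """Expand %{x[digits][r][delims]}, %%, %_ and %- in an SPF domain-spec.

    ctx keys: sender (MAIL FROM), ip (IPv4 string), domain (record owner),
    helo, and rcpt (RCPT TO, the proposed extension).
    """
    sender_local, _, sender_domain = ctx["sender"].rpartition("@")
    rcpt_local, _, rcpt_domain = ctx.get("rcpt", "").rpartition("@")
    values = {
        "s": ctx["sender"], "l": sender_local, "o": sender_domain,
        "d": ctx["domain"], "i": ctx["ip"], "h": ctx.get("helo", ""),
        "q": rcpt_domain,   # hypothetical: RCPT TO domain
        "u": rcpt_local,    # hypothetical: RCPT TO local-part
    }
    out, i = "", 0
    while i < len(spec):
        if spec[i] != "%":
            out += spec[i]
            i += 1
            continue
        nxt = spec[i + 1] if i + 1 < len(spec) else ""
        if nxt and nxt in "%_-":
            out += {"%": "%", "_": " ", "-": "%20"}[nxt]
            i += 2
            continue
        if nxt != "{":
            raise ValueError("bad macro at offset %d" % i)
        close = spec.index("}", i)          # ValueError if unterminated
        body = spec[i + 2:close]
        letter, rest = body[0].lower(), body[1:]
        if letter not in MACRO_LETTERS:
            raise ValueError("unknown macro letter %r" % letter)
        digits = ""
        while rest and rest[0].isdigit():   # keep only the rightmost N parts
            digits += rest[0]
            rest = rest[1:]
        reverse = rest[:1].lower() == "r"   # reverse the parts
        delims = rest[1:] if reverse else rest
        parts = _split(values[letter], delims or ".")
        if reverse:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]
        out += ".".join(parts)
        i = close + 1
    return out


def check_host(record, ctx, dns_names):
    """Evaluate an SPFv1 record using only ip4, exists and all.

    dns_names is the set of names whose A lookup would succeed, which is
    exactly what an exists: mechanism tests.  Returns the SPF result string.
    """
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ipaddress.ip_address(ctx["ip"]) in ipaddress.ip_network(arg, strict=False)
        elif mech == "exists":
            matched = expand_macros(arg, ctx) in dns_names
        else:
            return "permerror"      # other mechanisms are out of scope for this toy
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                # RFC 4408: no mechanism matched


# --- Constructed data for the demonstration (no real domains or addresses) ---

# Use 1: an RHSBL of recipient domains that mishandle SPF.  The ?exists term
# is evaluated first, so listed recipients get "neutral" instead of the -all.
RHSBL_RECORD = "v=spf1 ?exists:%{q}.spf-broken.example ip4:192.0.2.0/24 -all"

# Use 2: VERP tumbler plus recipient domain presented to a "magic" DNS zone
# that only answers for tumbler/recipient pairs the sender actually used.
VERP_RECORD = "v=spf1 exists:%{l}.%{q}._verp.list.example -all"

DNS_NAMES = {
    "forwarder.example.spf-broken.example",            # RHSBL lists forwarder.example
    "bounce+a1b2c3.corp.example._verp.list.example",   # tumbler a1b2c3 was sent to corp.example
}


def rhsbl_results():
    """(rcpt, ip) -> SPF result for the RHSBL record."""
    base = {"sender": "user@sender.example", "domain": "sender.example"}
    cases = [("alice@forwarder.example", "198.51.100.7"),   # listed recipient, bad IP
             ("alice@sane.example", "198.51.100.7"),        # unlisted recipient, bad IP
             ("alice@sane.example", "192.0.2.10")]          # unlisted recipient, good IP
    return {(r, ip): check_host(RHSBL_RECORD, dict(base, rcpt=r, ip=ip), DNS_NAMES)
            for r, ip in cases}


def verp_results():
    """rcpt -> SPF result: the real recipient passes; a forger replaying the
    snooped tumbler to a different recipient domain fails."""
    base = {"sender": "bounce+a1b2c3@list.example", "domain": "list.example",
            "ip": "203.0.113.9"}
    return {r: check_host(VERP_RECORD, dict(base, rcpt=r), DNS_NAMES)
            for r in ("alice@corp.example", "mallory@other.example")}


if __name__ == "__main__":
    for key, result in rhsbl_results().items():
        print("rhsbl", key, "->", result)
    for key, result in verp_results().items():
        print("verp ", key, "->", result)
```

Running it shows the listed recipient domain getting neutral while an unlisted one still hits -all (or passes on the right IP), and, for the VERP record, the replayed tumbler failing as soon as the RCPT TO domain differs from the one the tumbler was issued for. The same expander also handles the standard transformers, e.g. %{ir} for a reversed IP and %{o2} for the rightmost two labels of the sender domain.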