spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] SPFv3 proposal: rawfail result

2011-02-06 15:32:26
from [Stuart D. Gathman] [Permanent Link] 
On Sun, 6 Feb 2011, Michael Deutschmann wrote:


On Sat, 5 Feb 2011, Stuart D. Gathman wrote:

The whitelisting is robust for most alias forwarders when you whitelist the
forwarder domain, and use SPF or best guess to identify mail from the
forwarder.  When attempting the explain this before, I called it
a "pretend" MAIL FROM.  The algorithm in its simple form goes like this:


That doesn't help with the scenario that worries me:

A user subscribes to ISP A for some time, but then switches to ISP B.
ISP A graciously sets up a forward from his old mailbox to his new one at
ISP B (this is also the situation where the forwarder is least motivated
to try something like SRS).

ISP B and the user are quite hip mail-security wise, so they arrange a
whitelisting for the servers ISP A has been using for the handoff, and
then enable reject-on-SPF-fail for other cases.


You missed the part where you whitelist the DOMAIN, not server IPs.  Using
SPF or best guess if that is not available.


Then ISP C buys out ISP A, and consolidates mail handling at one data
center.  The forwards now come from a different IP, different rDNS domain,
and different HELO.  The whitelisting breaks.


Doesn't break if the SPF record is properly transitioned.  You're right
though that "best guess" would probably break.  That is why we promote SPF.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ 
[http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/2183229-668e5d0d
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=2183229&id_secret=2183229-a7234b15
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=2183229&id_secret=2183229-98aa0fe6&post_id=20110206163206:AB7DD118-3238-11E0-8600-8546A07B4368
Powered by Listbox: http://www.listbox.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] SPFv3 proposal: rawfail result, Michael Deutschmann
Next by Date:  Re: [spf-discuss] SPFv3 proposal: rawfail result, Michael Deutschmann
Previous by Thread:  Re: [spf-discuss] SPFv3 proposal: rawfail result, Michael Deutschmann
Next by Thread:  Re: [spf-discuss] SPFv3 proposal: rawfail result, Michael Deutschmann
Indexes:  [Date] [Thread] [Top] [All Lists]