julian at mehnle
Mar 14, 2007, 3:17 AM
Post #1 of 1
(544 views)
Permalink
|
|
Re: "pretend" MAIL FROM = forwarder white-listing (if forwarder has SPF record)
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stuart D. Gathman wrote:
> Suppose MyForwarder is your alias forwarder. They do not use SRS.
> However, they *do* control their own myforwarder.com domain (where your
> forwarded address resides) with an SPF record. So, when you get mail,
> the MAIL FROM will be
>
> MAIL FROM: <joe [at] randomdomain>
>
> *But*, before check SPF for randomdomain.com, you check SPF as if the
> MAIL FROM was:
>
> MAIL FROM: <postmaster [at] myforwarder>
>
> instead.
>
> If that gets a pass, then you know the mail was forwarded (and SPF
> checking on the actual MAIL FROM is useless).
>
> If myforwarder.com doesn't actually have an SPF record, then some
> SPF libraries (e.g. pyspf) will allow you to supply a substitute that
> you figure out and maintain yourself.
That's sort of what forwarder white-listing AKA TENBOX intends to do,
except that it covers only the case where the forwarder does have a
(complete) SPF record. The other case (forwarder neither has an SPF
record nor does do SRS) still needs to be solved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF98u/wL7PKlBZWjsRAqceAKDE/irQIkRXNEEegnys8ViHhtfYhwCdFkwe
Y3ZoeeujGzFXN745gDZpWug=
=vLHU
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=735
|
