julian at mehnle
Mar 28, 2006, 11:04 AM
Post #37 of 70
-----BEGIN PGP SIGNED MESSAGE-----
Johann Steigenberger wrote:
> > > And if you continue saying SRS is necessary for any reason,
> > > i have to tell you that i wish there were a parameter like NOFORWARD,
> > > which could be added to SPF.
> > That would be pointless, just like the various "no-copy" bits in the TV
> > broadcasting or storage medium industry. Such a thing can only work if
> > ALL devices honor it, i.e. non-compliant devices are outlawed.
> I don't think so:
> Getting an SRS Mail you always have an envelope-from like this:
> SRS*=*=forwardet-domain.com=user-on-forwardet [at] forwarder
> If SPF would in such a scenario check the initial domain in the
> localpart (in our example forwardet-domain.com) too,
> and not only the domainpart (forwarder.com), and it found that the
> forwarder did against the domainowners direction, this would clearly be
> an indicator to blacklist the forwarder for SRS-Abuse.
Define "find that the forwarder did against the domain owner's direction".
You can't use SPF records to check that because SPF records only apply to
the RHS (right-hand-side, after the @) domain of e-mail addresses, not to
any domains embedded in the localpart by obscure sender rewriting schemes.
I don't mean to say that SRS is obscure, but from SPF's point of view, SRS
just doesn't matter. All SPF cares about is the RHS domain and no other.
It _was_ the original point of SRS to legitimately(!) "circumvent" SPF when
forwarding. And that sort of circumvention _is_ acceptable because when
mail from <SRS...@forwarder.com> bounces, it goes exactly to forwarder.com
and nowhere else, so the forwarder has to deal with it, not the (supposed)
original domain. Thus the original domain is still protected against
envelope sender forgery and false bounces, which is what SPF is meant for.
There is no way to prevent mail from being forwarded. Please try to
understand what "forwarding" means, then perhaps it will become clear.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v220.127.116.11 (GNU/Linux)
-----END PGP SIGNATURE-----
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=srs-discuss [at] v2