[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Asrg] Re: Yet another attempt to fix forwarding

To: asrg at ietf.org
Subject: [Asrg] Re: Yet another attempt to fix forwarding
From: "Frank Ellermann" <nobody at xyzzy.claranet.de>
Date: Thu, 31 Jan 2008 00:15:01 +0100
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
Organization: <http://purl.net/xyzzy>
References: <47A01A8A.6030502@tana.it><DFA34DBE-C0F1-4168-9125-26C65C356845@mail-abuse.org><fnqndr$178$1@ger.gmane.org> <A61A36B1-5C87-496A-8940-7CEF88DE9937@mail-abuse.org>
Reply-to: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz at gmail.com>, Anti-Spam Research Group - IRTF <asrg at ietf.org>

Douglas Otis wrote:

> these records may also be applied against the Purported Responsible
> Addresses

Receivers can also apply them to the Message-ID and use the results
as entropy source for /dev/random, but apart from a NOT RECOMMENDED
statement in RFC 4408 this is unrelated to SPF.

It's also unrelated to "forwarding" (see subject), and how RFC 821
made sure that "forwarders" must take the responsibility for their
actions (= by adding their host to the reverse path).

> The difference between the provider and the provider's customer is  
> extremely important.

Not for the reverse path, this was just a route to a mailbox of the
"sender", a sender at host mailbox for MAIL FROM this host.

> When access depends upon an identity's indirect declaration of
> their authorized providers by way of address, privacy protection
> is clearly reduced.

The envelope sender address is used for non-delivery reports, FWIW
it can be postmaster at host or postmaster+crypto at host or crypto at host,
this has nothing to do with "privacy protection".  If somebody can't
receive mail he has no business to send mail, that's as it always
was, and if you want real anonymity this needs considerably more
effort than using a forged envelope sender (or 2822 PRA) address.

> When access depends upon an identity's declaration of authorized  
> providers, the means for making this declaration resolves to the  
> provider's customer, and not the provider.

Nobody is forced to declare which IPs they consider as permitted
or forbidden for mails sent by them.

And if they do you can still use "your" 2822-From address where it
pleases you as far as SPF is concerned.  This won't work for PRA
or SSP, but that's not my problem while talking about SPF and SMTP.

> There are perhaps a few hundred thousand major providers, and yet  
> there are millions of individual's email domains in use.

Yes, they can combine providers as they see fit in their policy,
or never care about it if they have no problems with backscatter.

> EHLO validation is yet another optional "feature" of SPF

Nope, it's RECOMMENDED, not "optional".  Does SPF really threaten
your commercial "anti-spam" interests so much ?  *Brilliant*

 Frank

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] Re: Yet another attempt to fix forwarding
  - From: Douglas Otis

References:
- [Asrg] Yet another attempt to fix forwarding
  - From: Alessandro Vesely
- Re: [Asrg] Yet another attempt to fix forwarding
  - From: Douglas Otis
- [Asrg] Re: Yet another attempt to fix forwarding
  - From: Frank Ellermann
- Re: [Asrg] Re: Yet another attempt to fix forwarding
  - From: Douglas Otis

Prev by Date: Re: [Asrg] Re: Yet another attempt to fix forwarding
Next by Date: Re: [Asrg] Re: Yet another attempt to fix forwarding
Previous by thread: Re: [Asrg] Re: Yet another attempt to fix forwarding
Next by thread: Re: [Asrg] Re: Yet another attempt to fix forwarding
Index(es):
- Date
- Thread