Pierre Ossman [EMAIL PROTECTED] wrote: > The current solution would be to turn of SPF checks for the mail servers > where you can receive relayed mail from. But this is not something > people are comfortable with if it is a public relaying service.
It is your _only_ choice if no sender rewriting is used by the relaying service. The only purpose of sender rewriting, regardless which exact method you use (SRS or some other scheme, such as the two I described a few hours ago), is to oblige the forwarder to assume full responsibility for the use of his domain name as the sender address of every mail he forwards. In the "old times" of the Internet where a.com (everybody) could send a message and claim it to come from x.com, forwarders would have to take no responsibility for what domains are used as the sender addresses of the mail they forward. As a result, everybody could simply claim to be a forwarder and then go ahead faking sender addresses happily. Rewriting the sender address to your own domain when forwarding authenticated (e.g. by SPF) mail, and thus taking responsibility for it, is the only way to fix sender address forgery without loopholes. (I am talking of "envelope sender address"/"return-path"/"hop-to-hop" forgery only. Crypto schemes like DomainKeys could be used to fix "PRA"/"From: header"/"end-to-end" forgery.) ------------------------------------------------------- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users