Hi. Am Montag, 5. November 2007 schrieb Alessandro Vesely: > > SPF can only get spread if the forwarding-problem gets solved. SRS is a > > proposition for this but is not that accepted (see, courier doesn't > > support it because Sam calls it broken (iirc)). > IMHO forwarding is not a problem. Although I admit I had to amend a few > scripts, typically adding a "-f [EMAIL PROTECTED]" in the relevant > command line, where <[EMAIL PROTECTED]> is delivered to the person > who can remove that command line (me, in my case). > > When a forwarding fails, I just remove it. If a DSN is required I send it > manually. In facts, I have no automated methods to add forwarding rules.
Ehm, I won't call this a useful way to go. If you get more than a bounce a week, this starts buggin', doesn't it? :) > > So if one enforces SPF (or, rejects messages with failed SPF checks), he > > relies on every one else implements SRS (or something similar) or breaks > > regular forwarding to his host. > Yes, people cannot illegally forward foreign messages. That is consistent > with European privacy rules. I think it's not. Forwards that are set up by the recipient shouldn't be illegal. This problem is IMHO exactly what SRS tries to resolve. If one of my customers forwards mail to his other account at some other company, the destination server rejects my message because the sender's address is still set to the original sender (that sent the message to me) and I am not listed as a valid sender for the sender's domain. That's a really common scenario and requires that the forwarding mail server rewrites the envelope sender to end up in his own domain that allows him to send mail (SPF-wise). But simply rewriting the sender breaks automatic bounce processing. For sure, I could use some per-user-script outside the mail server that does SRS (or any similar way) but that's not really easy to maintain. > > SPF standalone doesn't really help anything. > It helps the owner of a domain to avoid that others abuse of it. And causes that his mail not to be forwarded if the destination is just a forward to another host and the forwarder does no sender rewriting. I meant "SPF without widespread SRS" when I wrote "SPF standalone". > Its relevance as an anti-spam device is to force spammers to send from > their own domains, so that receivers know where they may claim damages. > (Which will only happen when all hosts have SPF records) Absolutely, SPF should never be considered an anti-spam device. It was developed as anti-forgery device and that's what it is. In a world free of forged e-mail sender addresses, fighing spam is much easier to do, but SPF does nothing against spam. cu, Bernd -- Lautsprecher verstärken die Stimme, aber nicht die Argumente.
signature.asc
Description: This is a digitally signed message part.
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
