| Walt Mankowski on 23 Mar 2004 04:05:02 -0000 |
|
On Mon, Mar 22, 2004 at 10:10:16PM -0500, Stephen Gran wrote: > The major problem with SPF is that it doesn't preserve the envelope, > as far as I can tell. This means that if email (which relies on the > store-and-forward-based nature of smtp) passes through multiple hosts > that like and use SPF, the original envelope will be lost. At the > final server, if it bounces, who do I send the bounce to? The last > forwarder (that is what the envelope from would be)? The header from:? > In other words, my email goes from some spammer -> address A -> address > B -> address C. Address C 550's it, and Address B does what with it? > Bounce to Address A? Deliver to my local account on Address B, which > forwards again to address C? If it bounces to Address A, we get the > same thing again. This is not a new problem that SPF created really, but > modifying the original envelope greatly exacerbates it. This would lead > to problems with mail forwarding, which is a long standing email practice. > It would also beat up things like secondary MX's, but they already get > pretty beat up :) > > The upside to SPF, sender host verification, only works if literally > everybody is doing it, with the exception of spammers. Since I see many > hosts out there that don't even do ESMTP yet, I doubt that this will be > a reality any time soon. And given that Microsoft will probably > implement it's own proprietary anti-spam system sometime soon, none of > the IIS boxes out there will do any of this. > > It doesn't seem to fix as much as it breaks, sadly. Have you read http://spf.pobox.com/faq.html#forwarding and http://spf.pobox.com/srs.html ? Attachment:
signature.asc
|
|