[Asrg] Re: Receiver Initiated Authentication
David Nicol
davidnicol at gmail.com
Mon Sep 17 13:08:40 EDT 2007
On 9/17/07, Michael Kaplan <michaelkaplanasrg at gmail.com> wrote:
>
> I am concerned about forwarded email. Once the Receiver Generated SPF
> database is established then most of the unauthenticated ham will come via
> forwarders who already accepted the original email. I'm open to any
> suggestions on how to work around this, otherwise I still argue that highly
> selective bounces are only mildly evil.
Quarantine (or soft-fail) and query the recipient. Parse the headers in the
forwarded message; if an spf-good appears earlier, offer the addressee the
option of whitelisting the final relay. The addressee has signed up for the
protection, knowing there may be a touch of configuration. Integrate with
reputation systems (and refer to documentation strongly suggesting using
an SPF-compliant RFC 821 "SRS" envelope instead of a simplified one in
the 450 rejection) and statistical analysis in deciding how to dispose of
such messages.
--
"I will not tolerate continued noncompliance"
-- Neelie Kroes
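
The header check suggested in the reply above, sketched as an added example (not code from the post or from any list participant). It assumes "spf-good" means a `Received-SPF: pass` header stamped by an earlier hop and that the receiving MX has already prepended its own result; the hostnames, addresses and the `triage_forwarded` helper are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample. Trace headers are prepended per hop, so the top is newest.
SAMPLE = """\
Received-SPF: softfail (mx.recipient.example: 192.0.2.10 is not permitted
\tfor sender.example) client-ip=192.0.2.10; envelope-from=alice@sender.example
Received: from fwd.alumni.example (fwd.alumni.example [192.0.2.10])
\tby mx.recipient.example with ESMTP; Mon, 17 Sep 2007 13:00:05 -0400
Received-SPF: pass (fwd.alumni.example: 198.51.100.7 is permitted
\tfor sender.example) client-ip=198.51.100.7; envelope-from=alice@sender.example
Received: from mail.sender.example (mail.sender.example [198.51.100.7])
\tby fwd.alumni.example with ESMTP; Mon, 17 Sep 2007 13:00:01 -0400
From: alice@sender.example
To: bob@alumni.example
Subject: constructed example

body
"""

# Host name and bracketed IP of the peer named in a Received header.
RELAY_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\]\)")

def unfold(value):
    """Collapse folded header whitespace into single spaces."""
    return " ".join(value.split())

def triage_forwarded(raw):
    """Decide what to do with a message our own MX has already SPF-checked."""
    msg = message_from_string(raw)
    spf = [(unfold(v).split() or ["none"])[0].lower()
           for v in msg.get_all("Received-SPF", [])]
    received = [unfold(v) for v in msg.get_all("Received", [])]
    if not spf or not received:
        return {"action": "quarantine", "offer_whitelist": None}
    if spf[0] == "pass":                      # our own check succeeded
        return {"action": "accept", "offer_whitelist": None}
    relay = RELAY_RE.search(received[0])      # host that handed the mail to us
    # Older headers were written upstream and can be forged, so an earlier
    # "pass" only justifies asking the addressee, never an automatic whitelist.
    if "pass" in spf[1:] and relay:
        return {"action": "quarantine", "offer_whitelist": relay.groups()}
    return {"action": "quarantine", "offer_whitelist": None}

if __name__ == "__main__":
    print(triage_forwarded(SAMPLE))
```
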