[Asrg] mail security
Alessandro Vesely
vesely at tana.it
Wed Jan 21 08:05:12 PST 2009
John Leslie wrote:
> John Levine <johnl at taugh.com> wrote:
>> [SPF] only works for the subset of mail that is sent from a fixed point
>> to recipients who don't remail or forward it.
It works well also with a number of mailing lists. Alias expansions
admittedly leave something to be desired. However, considering that
even RFC 5321 screws up the term "forwarding" in that section, it
should be tolerated in an experimental RFC...
> Fundamentally, of course, the attempt to have one-size-fits-all
> processing by the receiving MTA is dubious. It's not the coding of SPF
> records that breaks forwarding: it's the processing of them. Relaxing
> the processing rules could help a lot.
Would you please expand on that? Relaxing rules implies the knowledge
that a message is being forwarded. Are you talking about whitelisting
well known forwarders, or what?
> And I see promise in the use of the pending
> Authentication-Results header (though I must agree with Doug Otis that
> it would be stronger if it included the IP address).
(
Hm... the header's name suggests it is reporting already acquired
results, as had been noted. I'm surprised Doug didn't propose an
additional test more in tune with that spirit, e.g.
    Authentication-Results: example.com;
        dnsbl=pass zone=zen.spamhaus.org address=192.0.2.3
)