[Asrg] mail security
Bill Cole
asrg3 at billmail.scconsult.com
Mon Jan 26 20:16:55 PST 2009
John Leslie wrote, On 1/23/09 9:13 AM:
> Ian Eiloart <iane at sussex.ac.uk> wrote:
>> --On 21 January 2009 12:27:56 -0500 John Leslie <john at jlc.net> wrote:
>>
>>> However, there are a limited number of ways that forwarding might be
>>> shown in the trace headers, so it should be practical to determine that
>>> a forwarding is documented (though possibly forged).
>>>
>>> We then have a quite different situation from what raw SPF processing
>>> would indicate. Thus I claim the rules deserve to be relaxed (without
>>> going into detail how).
>
> The point I was attempting to make is that SPF records _can_ accurately
> reflect sender policy, while SPF processing will incorrectly indicate a
> violation of it.
There's also a subtle variation on that...
It was discussed (even here) in the early development of SPF that a trailing
'-all' can and perhaps should be read as a 'do not forward' policy
statement by a domain owner. That was not considered a valuable feature by
the people who ended up promoting SPF, but there are people who publish such
records with the intent of expressing such a policy.
Whether such a policy should be within the authority of a domain owner is a
knotty question.
More information about the Asrg
mailing list