Hi !!
Just thinking about the forwarding problem that SPF introduces and the
proposals to use cookies or message-id's I come with an idea that mixes all
of them, the only drawback I could see is that it really needs patching MTA's,
on the other hand it will not break anything, including email forwarding.
The idea tries to identify hosts authorized to send email in behalf on
each sender domain.
It's based on SPF
http://spf.pobox.com/
It reflects ideas suggested by mjd
http://archives.listbox.com/spf-discuss@v2.listbox.com/200309/0017.html
And can be seen as an upside-down version of djb's IM2000.
http://cr.yp.to/im2000.html
Here it is:
- Each COOKIE capable SMTP server announces this condition to
other servers in the response to the EHLO command adding the
text 'COOKIES' to the list of supported features
- When a COOKIE capable server sends a local email to any remote
COOKIE capable server it adds a cookie to the MAIL FROM command
by using the new COOKIE argument to the MAIL FROM command. This
cookie must be in the form <id@host> where 'id' is a unique
identifier and 'host' is it's hostname. It also must keep a
record that uniquely associates this id and the original sender
with the ip of the remote server (so it knows to which host the
cookie has been delivered)
- When a COOKIE capable server receives an email with a cookie
in the COOKIE argument to the MAIL FROM command it should do
a dns lookup on 'host.domain.com' where 'host' is the hostname
specified in the cookie and 'domain.com' is the domain of the
envelope sender specified in the MAIL FROM command
- If the dns lookup yields the ip address of the remote party
then the message should be accepted
- If the dns lookup does not yield the ip address of the remote
party then the cookie has to be validated at the ip address
that results from the dns lookup.
- That validation is done via smtp by connecting to the remote
server and issuing the new smtp command 'TEST COOKIE' using as
the arguments to this command the cookie id, the envelope sender
and the ip address of the remote host that used the cookie in
the MAIL FROM command. If the remote server validates the cookie
the message could be accepted, if the cookie is not validated the
message could be rejected. If the remote server does not
announce itself as COOKIE capable then this check must be
skipped.
- Once the cookie has been validated, the remote server
must update it's records so the ip address of the host that
request the validation is associated with that cookie.
- When a COOKIE capable server forwards an email it must also
use the COOKIE argument to the MAIL FROM command to pass the
same cookie to the next server if the remote server is COOKIE
capable.
This is just an idea, criticisms are welcome.
--
Best regards ...
Discoveries are made by not following instructions.
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david@???
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------