At 9:55 am +0000 2004/03/21, David Woodhouse wrote:
>they did not send, the page at http://www.infradead.org/rpr.html has an
>example of how to do that _without_ needing to change the way the world
>works. Basically you do rewriting only on your _own_ outgoing addresses,
>so the 'raw' address (e.g. dwmw2@???) is never used in valid
>MAIL FROM:. Then you can reject bounces to that address -- and anyone
>doing sender verification callouts will hence also reject faked mail
>_from_ that address.
this, I think, is even a worse method than SPF as it breaks those
mechanisms that rely on the envelope address.
Forwarding is broken already in that it can generate spurious
bounces, and the only way I see that solved is by having forwarding
explicitly authorised by the receiving end. A rule [accept:
<forwarding server>---><target local user>] should be set for each
authorised forwarding, and SPF or bounces problems go away.
Or am I having a delirium...?
Giuliano