On Monday 09 April 2007 18:31, Peter Bowyer wrote:
> On 09/04/07, Paul Johnson <baloo@???> wrote:
> > Marc Perkel wrote in Article <460C04B6.70102@???> posted to
> >
> > gmane.mail.exim.user:
> > > Just one quick question. Do domain keys break email forwarding the way
> > > SPF does?
> >
> > SPF doesn't break forwarding if you implement SRS...
>
> Correction: SPF doesn't break forwarding if everyone (known or
> unknown) who forwards your mail implements SRS.
Correction: SPF doesn't break any forwarding that isn't seriously broken in
itself (like me redirecting some of my mail to you without your consent, and
without changing the envelope sender).
SPF doesn't break forwarding if employed carefully. Mail isn't forwarded
totally randomly; in sane configurations a user U tells a system A to forward
his mail to system B. If B wants to enforce SPF, they have to allow U to tell
them about this forwarding, so that an exception can be made. A relatively
secure and not too user-unfriendly way of doing this could be by letting the
user forward their mail to a special address on this form:
user+forwarded-(secret)@domain.example, where (secret) is a sufficiently
random string. Otherwise they could specify the IP addresses the forwarded
mail can come from (but that's complicated), or in many cases simply
specifying the mail address forwarded from, letting the SPF-enforcing server
make educated guesses, can work.
--
Magnus Holmgren holmgren@???
(No Cc of list mail needed, thanks)