On 10/04/07, Magnus Holmgren <holmgren@???> wrote:
> On Monday 09 April 2007 18:31, Peter Bowyer wrote:
> > On 09/04/07, Paul Johnson <baloo@???> wrote:
> > > Marc Perkel wrote in Article <460C04B6.70102@???> posted to gmane.mail.exim.user:
> > > > Just one quick question. Do domain keys break email forwarding the way
> > > > SPF does?
> > >
> > > SPF doesn't break forwarding if you implement SRS...
> >
> > Correction: SPF doesn't break forwarding if everyone (known or
> > unknown) who forwards your mail implements SRS.
>
> Correction: SPF doesn't break any forwarding that isn't seriously broken in
> itself (like me redirecting some of my mail to you without your consent, and
> without changing the envelope sender).

Ah, but your definition of 'broken' here is different from 'stops
working' - you're (correctly) observing that same-envelope forwarding
is (or at least, should be) end-of-life. In itself it still 'works',
is still in regular use everywhere, and the likes of Marc P are
entitled to observe that SPF 'breaks' it. An architectural 'broken' as
opposed to an implementation 'broken'.

> SPF doesn't break forwarding if employed carefully. Mail isn't forwarded
> totally randomly; in sane configurations a user U tells a system A to forward
> his mail to system B. If B wants to enforce SPF, they have to allow U to tell
> them about this forwarding, so that an exception can be made. A relatively
> secure and not too user-unfriendly way of doing this could be by letting the
> user forward their mail to a special address on this form:
> user+forwarded-(secret)@domain.example, where (secret) is a sufficiently
> random string.

... which is as unlikely to happen as universal SRS.

> Otherwise they could specify the IP addresses the forwarded
> mail can come from (but that's complicated), or in many cases simply
> specifying the mail address forwarded from, letting the SPF-enforcing server
> make educated guesses, can work.

Indeed, and the SPF project is discussing several alternatives to 'the
forwarder problem' which include a formalised way of doing just that.
All of them have significant implementation inertia, though.

In the meantime, use of SPF to give 'deny' decisions at the border is
likely to be unsafe, except where you either are sure about your
community of inward forwarders, or don't care about false positives.

Likewise, publishing '-all' in your SPF record is only safe when
either you know you can control use of your domain in MAIL FROM to a
sufficient degree, or you don't care about the same FPs as the
receiver doesn't care about.

Oh dear, we're straying into a 'don't go there' area for the list's
editorial policy. And since I'm co-responsible for enforcing it......
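
Added example, not part of the original message or of any project's code: a small Python model of the forwarding cases argued over in this thread, showing the SPF result for direct delivery, same-envelope forwarding, and forwarding with an SRS-style rewritten envelope sender. The domains, IP ranges, secret and fixed timestamp field are constructed, SPF is reduced to `ip4` mechanisms plus `-all`, and the rewrite is a simplified SRS0 form that is not interoperable with real SRS implementations.

```python
import hashlib, hmac, ipaddress

# Constructed SPF policies: permitted ip4 ranges, everything else is "-all".
SPF = {
    "sender.example":    ["192.0.2.0/24"],     # the original sending domain
    "forwarder.example": ["198.51.100.0/24"],  # system A, which forwards mail
}

def spf_check(client_ip, mail_from):
    """Evaluate the MAIL FROM domain's policy against the connecting IP."""
    nets = SPF.get(mail_from.rsplit("@", 1)[1])
    if nets is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(n) for n in nets):
        return "pass"
    return "fail"  # matched nothing, so "-all" applies

def srs_rewrite(mail_from, forwarder, secret, stamp="AB"):
    """Simplified SRS0 rewrite: move the sender into the forwarder's domain.
    stamp is a fixed constructed value standing in for the timestamp field."""
    local, domain = mail_from.rsplit("@", 1)
    mac = hmac.new(secret, f"{stamp}{domain}{local}".encode(), hashlib.sha1)
    return f"SRS0={mac.hexdigest()[:4]}={stamp}={domain}={local}@{forwarder}"

def srs_reverse(address, secret):
    """Recover the original sender for a bounce; reject a forged hash."""
    _, tag, stamp, domain, local = address.rsplit("@", 1)[0].split("=", 4)
    expected = srs_rewrite(f"{local}@{domain}", "x", secret, stamp).split("=")[1]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad SRS hash")
    return f"{local}@{domain}"

def scenarios(secret=b"constructed-secret"):
    orig = "alice@sender.example"
    srs = srs_rewrite(orig, "forwarder.example", secret)
    return {
        # Sender's own server delivers directly to system B.
        "direct": spf_check("192.0.2.10", orig),
        # Forwarder relays to B but keeps the original envelope sender.
        "same_envelope_forward": spf_check("198.51.100.7", orig),
        # Forwarder rewrites the envelope sender into its own domain.
        "srs_forward": spf_check("198.51.100.7", srs),
        # Bounces to the rewritten address map back to the original sender.
        "bounce_to": srs_reverse(srs, secret),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The `fail` for the same-envelope case is the false positive a receiver accepts when it rejects on SPF at the border without knowing its inward forwarders.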