Re: [exim] Domain Keys

Pàgina inicial
Delete this message
Reply to this message
Autor: Magnus Holmgren
Data:  
A: exim-users
Assumpte: Re: [exim] Domain Keys
On Tuesday 10 April 2007 15:11, Arthur Hagen wrote:
> On Tue, 2007-04-10 at 12:20 +0200, Magnus Holmgren wrote:
> > SPF doesn't break forwarding if employed carefully. Mail isn't forwarded
> > totally randomly; in sane configurations a user U tells a system A to
> > forward his mail to system B. If B wants to enforce SPF, they have to
> > allow U to tell them about this forwarding, so that an exception can be
> > made. A relatively secure and not too user-unfriendly way of doing this
> > could be by letting the user forward their mail to a special address on
> > this form:
> > user+forwarded-(secret)@domain.example, where (secret) is a sufficiently
> > random string. Otherwise they could specify the IP addresses the
> > forwarded mail can come from (but that's complicated), or in many cases
> > simply specifying the mail address forwarded from, letting the
> > SPF-enforcing server make educated guesses, can work.
>
> And what happens then when the receiving MTA needs to send a
> notification back to the sender?


No changes there, IIUYC. Or what do you mean? If B needs to send a
notification, it uses the original return address, which was allowed to
remain unaltered in this scheme.

> One of the biggest complaints I hear about SPF is from travelling
> people, who want to compose messages offline and send them the instant
> they get an internet connection again, without having to jump through
> VPN hoops. Like they always have done. If SPF changes that, then SPF
> breaks that.


If the requirement is that unauthenticated mail can be sent anywhere from
anywhere, I can't see how any progress can be made. Besides, jumping through
VPN hoops is hardly necessary when submission on the standard port 587 is
available.

(Unauthenticated probably wasn't what you meant; your option then is DKIM
(either implemented in the MUA or in some mini SMTP server running on the
laptop; both seem like more work than using port 587, and if the connectivity
provider block it they need education).)

-- 
Magnus Holmgren        holmgren@???
                       (No Cc of list mail needed, thanks)


"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans