On 09.02.10 11:42, dar...@chaosreigns.com wrote:
> I apparently need to clarify that I think this is a good idea because I am
> concerned about the number of people (who control DNS records) who are very
> strongly against creating SPF records specifically because of forwarding
> breakage.  The email I got in response to my request for my employer to
> create an SPF record included the word "abomination".  From a friend.
> I don't entirely agree, but it is a problem for adoption.
> 
> This is entirely an attempt to replicate the functionality of SPF without
> breaking forwarding, and without causing other problems that might
> discourage adoption.

Imho, SPF does NOT break forwarding. It only causes the broken forwarding to
be rejected. If I forward your mail to another address from my
aliases/virtuser/.forward/.procmailrc/whatever file, it is already not you
who sent the mail (although the mail is from you and POSSIBLY not modified).

Thus, I should rewrite the from address to indicate the mail is from me
(nobody really needs to trust me the mail is from you, unless it's
DKIM/PGP/SMIME signed).

> I set this up for my mail server (using mtx instead of designatedsender):
> 
> $ host -t PTR 64.71.152.40
> 40.152.71.64.in-addr.arpa domain name pointer panic.chaosreigns.com.
> 
> $ host -t A 40.152.71.64.mtx.panic.chaosreigns.com
> 40.152.71.64.mtx.panic.chaosreigns.com has address 127.0.0.1

So you define the IP 64.71.152.40 as OK when sending mail from an
@panic.chaosreigns.com address.

So it's exactly the same as

panic.chaosreigns.com. IN SPF "v=spf1 a:64.71.152.40 -all"

> I'll define it slightly differently:
> 127.0.0.1 is a pass (negative SA score).
> not found is a fail (positive SA score).

What does "not found" mean?

"66.3.168.195.mtx.panic.chaosreigns.com not found" would mean I'm not
allowed to mail from "panic.chaosreigns.com" address?

Or will my server be allowed to mail from your domain? Because the SPF record
above defines this mail to be rejected, and nonexistence of the mtx record
would do the same, even if it's your forwarded e-mail.

> 127.0.0.0 is a fail (positive SA score).
> Anything else is undefined (0 SA score) for future options.

> I'd still appreciate feedback on the format of the A record.

...

> >> Is there any way this wouldn't be very useful?
> >
> > Is there any place where SPF does not do the same job, other than mail  
> > forwarding?
> 
> No.  But as I said, I am concerned about the potential for wide spread
> adoption of SPF due to forwarding breakage enough that I think this would
> be much more useful.

So, since you don't believe SPF to be widely adopted, you expect your way to
be adopted? And all admins must adopt that? Even if they have not adopted
SPF/DKIM in the few years those have existed?

> > On 08.02.10 22:08, dar...@chaosreigns.com wrote:
> > > So it's not tied to the SMTP MAIL FROM or anything.
> > > Forwarding doesn't break.

> On 02/09, Matus UHLAR - fantomas wrote:
> > What do you mean by this?
> > Do you want to implement new way of defining which hosts are permitted to
> > send e-mail? 
> 
> Yes.

> > There already are attempts to do this, with false positives and
> > negatives. 
> 
> How is this not better than the other attempts?

The correct question is "how is this better?". Creating a system that is not
better is useless.

> > Yours is a bit complicated
> 
> How is it complicated?  You need to create 1 record per sending mail
> server, in the form:
> 
> <IP of mail server>.mtx.<hostname of mail server>
> 
> (And the IP needs to be reversed as in all other A records that list IPs.)

That's what I call complicated. SPF achieves the same in a much easier way,
using existing A/MX/PTR records, CIDR ranges, including other SPF
records...

> > and new which means everyone would
> > need to implement this (otherwise he'd get false positives on his outgoing
> > mail). 
> 
> Yes.

http://www.rhyolite.com/anti-spam/you-might-be.html#programmer
http://www.rhyolite.com/anti-spam/you-might-be.html#senior-IETF-member-5

which one applies to you? :)

> > Therefore I think it won't work this way.
> 
> This is why I said SA scores for a fail should be small at first.  
> 
> 
> Do you see any reason this wouldn't be more quickly adopted than SPF?

Yes, I think this ain't any better than SPF.


-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good. 

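To make the proposed lookup concrete, here is an added illustration (written for this page, not code from either participant in the thread) of the "mtx" check as the thread describes it: reverse the octets of the sending IP, append ".mtx." and a hostname, and resolve the A record; 127.0.0.1 is a pass, "not found" (NXDOMAIN) and 127.0.0.0 are a fail, anything else is undefined. The DNS table is a constructed stand-in for a resolver (the panic.chaosreigns.com entries are from the thread, the others are invented), the SpamAssassin-style scores are hypothetical, and the hostname parameter is simply whatever name the checker decides to compare against, since the thread itself disagrees about whether that is the connecting server's PTR name or the sender's domain.

```python
"""Evaluate the 'mtx' DNS check proposed in the thread above.

Added illustration, not code from the original thread.  Scheme as described:
  <reversed IP of mail server>.mtx.<hostname of mail server>  IN A  127.0.0.1
127.0.0.1 -> pass; NXDOMAIN ("not found") or 127.0.0.0 -> fail; else undefined.
"""
import ipaddress

# Constructed DNS fixture standing in for a real resolver.  The
# panic.chaosreigns.com entries come from the thread; the 192.168.0.x
# entries are invented to exercise the other two outcomes.
FAKE_PTR = {
    "64.71.152.40": "panic.chaosreigns.com",
}
FAKE_A = {
    "40.152.71.64.mtx.panic.chaosreigns.com": ["127.0.0.1"],  # pass
    "1.0.168.192.mtx.panic.chaosreigns.com": ["127.0.0.0"],   # explicit fail
    "2.0.168.192.mtx.panic.chaosreigns.com": ["127.0.0.9"],   # undefined
}

# Hypothetical SpamAssassin-style scores: pass negative, fail "small at first".
SCORES = {"pass": -1.0, "fail": 0.5, "undefined": 0.0}


def mtx_name(ip: str, hostname: str) -> str:
    """Build the lookup name: octets reversed, then '.mtx.', then hostname."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.mtx.{hostname.rstrip('.')}"


def lookup_a(name: str, table=FAKE_A):
    """Return the A records for name, or None to represent NXDOMAIN."""
    return table.get(name.lower())


def lookup_ptr(ip: str, table=FAKE_PTR):
    """Return the PTR name for ip, or None if the IP has no reverse record."""
    return table.get(ip)


def mtx_result(ip: str, hostname: str, resolve=lookup_a) -> str:
    """Classify a (sending IP, hostname) pair using the thread's rules."""
    answers = resolve(mtx_name(ip, hostname))
    if answers is None:
        return "fail"            # "not found"
    if "127.0.0.1" in answers:
        return "pass"
    if "127.0.0.0" in answers:
        return "fail"
    return "undefined"           # reserved "for future options"


def mtx_score(ip: str, hostname: str) -> float:
    """Map the result to the hypothetical score table."""
    return SCORES[mtx_result(ip, hostname)]


def check_connection(ip: str, ptr=lookup_ptr) -> tuple:
    """Full flow for a connecting host: PTR -> hostname -> mtx lookup.

    A host without a PTR cannot be checked at all; treating that as
    'undefined' is an assumption, the thread does not say what to do.
    """
    hostname = ptr(ip)
    if hostname is None:
        return ("undefined", None)
    return (mtx_result(ip, hostname), mtx_name(ip, hostname))


if __name__ == "__main__":
    for ip, host in [("64.71.152.40", "panic.chaosreigns.com"),
                     ("195.168.3.66", "panic.chaosreigns.com"),
                     ("192.168.0.1", "panic.chaosreigns.com"),
                     ("192.168.0.2", "panic.chaosreigns.com")]:
        print(f"{mtx_name(ip, host):45} -> {mtx_result(ip, host)}")
```

Running it shows the point Matus raises: 195.168.3.66 (the reversed form of his "66.3.168.195.mtx..." example) gets a "fail" purely because no record exists, which is the same outcome a "-all" SPF record gives for an unlisted host, so the outcome for a forwarder depends entirely on which hostname the receiver plugs into the lookup.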