Ok, I'll bite. SRS is not part of SPF, it is just another protocol/method. SPF has a problem in that it only suggests the "possibility" of forgeries, yet some have put in place strict rules that take this beyond the suggestion. SRS is just one of several different proposed solutions for handling forwarded E-mail. It has the most clout of all of them because it was also loosely defined by SPF's creator as being a solution to the forwarding problem in a paper on their site (if I recall correctly). The bottom line here is that implementing SPF does not require implementing SRS. Their strategy for combining these things (and others), is far from clear at this time. Back to SRS. SRS isn't just simply changing the Mail From address, it is a system that requires both the encoding and parsing of the Mail >From addresses, and it requires both the sending and receiving MTA to be SRS aware. The following is from what is apparently the master SRS document located at http://www.libsrs2.org/srs/srs.pdf : The SRS scheme must ensure that it is not possible to construct an SRS address which forwards mail to an arbitrary user. This is achieved by introducing a cryptographic element into addresses such that it is possible to spot tampering with the destination user or host fields. The actual SRS address format looks like this:There is also an SRS1 format in addition to the SRS0 format above. SRS1 is for forwarding things that have already been forwarded by SRS. It's in the paper. One big caveat that the paper notes is the violation of RFC's 2821 and 2822 where there is a 64 character limit to the user address, and this limit is enforced by MailGuard and Cisco PIX, and I would imagine other MTA's. SRS "adds 21 characters plus two local hostnames as overhead to the local part" the paper explains. Maybe they should rewrite RFC 2811 and 2822 before releasing this? Another caveat is that hosts or admins that aren't SRS aware may improperly identify the forwarder's domain as being the source of spam. Another big issue is that SPF does not specify the mechanism for validating forwarding, and there are 4 other competing solutions that are summarized (not fully) on the following page: http://www.michaelbrumm.com/spf-forwarding.html The recommended forwarding mechanism for the proposed marrying of SPF and Caller ID is to add the "SUBMITTER" parameter to ESMTP. Even the SPF page on SRS mentions this as an alternative/replacement. None of this information seems to have been updated since somewhere in 2004. Note to Sandy: I think that Declude locks the Q* file, and if so, writing a Declude plug-in won't work. Besides that, it would only be a partial implementation of true SRS since the MTA needs to be aware in order to prevent forgeries. Matt Colbeck, Andrew wrote:
|
- Re[2]: [Declude.JunkMail] spf breaks email forwarding - Sanford Whiteman
- Re: [Declude.JunkMail] spf breaks email forwarding - Nick Hayer
- Re: [Declude.JunkMail] spf breaks email forwarding - Matt
- Re[2]: [Declude.JunkMail] spf breaks email forwa... Sanford Whiteman
- RE: Re[2]: [Declude.JunkMail] spf breaks email forwa... Colbeck, Andrew
- Re: [Declude.JunkMail] spf breaks email forwarding - Nick Hayer