On Tuesday 10 April 2007 15:11, Arthur Hagen wrote:
> On Tue, 2007-04-10 at 12:20 +0200, Magnus Holmgren wrote:
> > SPF doesn't break forwarding if employed carefully. Mail isn't forwarded
> > totally randomly; in sane configurations a user U tells a system A to
> > forward his mail to system B. If B wants to enforce SPF, they have to
> > allow U to tell them about this forwarding, so that an exception can be
> > made. A relatively secure and not too user-unfriendly way of doing this
> > could be by letting the user forward their mail to a special address on
> > this form:
> > user+forwarded-(secret)@domain.example, where (secret) is a sufficiently
> > random string. Otherwise they could specify the IP addresses the
> > forwarded mail can come from (but that's complicated), or in many cases
> > simply specifying the mail address forwarded from, letting the
> > SPF-enforcing server make educated guesses, can work.
>
> And what happens then when the receiving MTA needs to send a
> notification back to the sender?

No changes there, IIUYC. Or what do you mean? If B needs to send a notification, it uses the original return address, which was allowed to remain unaltered in this scheme.

> One of the biggest complaints I hear about SPF is from travelling
> people, who want to compose messages offline and send them the instant
> they get an internet connection again, without having to jump through
> VPN hoops. Like they always have done. If SPF changes that, then SPF
> breaks that.

If the requirement is that unauthenticated mail can be sent anywhere from anywhere, I can't see how any progress can be made. Besides, jumping through VPN hoops is hardly necessary when submission on the standard port 587 is available. (Unauthenticated probably wasn't what you meant; your option then is DKIM (either implemented in the MUA or in some mini SMTP server running on the laptop; both seem like more work than using port 587, and if the connectivity provider blocks it they need education).)

--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)

"Exim is better at being younger, whereas sendmail is better for Scrabble (50 point bonus for clearing your rack)"
-- Dave Evans

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
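
A sketch of the receiving side (system B) of the `user+forwarded-(secret)@domain.example` scheme discussed in this thread, added here as an example and not code from the post or from Exim. The function names, the in-memory secret store, and the choice to reject only on an SPF "fail" result are assumptions.

```python
import hmac
import secrets

TAG = "+forwarded-"  # marker from the address form quoted in the thread

# Hypothetical per-user store on system B: local part -> forwarding secret.
# Constructed sample data; a real MTA would keep this in its user database.
FORWARD_SECRETS = {"alice": "k3Vq9ZrT0bXw2LmA"}

def new_forwarding_address(user, domain, store):
    """Issue a fresh random secret; the user configures system A to forward here."""
    secret = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    store[user] = secret
    return f"{user}{TAG}{secret}@{domain}"

def parse_recipient(rcpt):
    """Split an envelope recipient into (user, secret or None, domain)."""
    local, _, domain = rcpt.rpartition("@")
    user, sep, secret = local.partition(TAG)
    return user, (secret if sep else None), domain.lower()

def spf_exempt(rcpt, store):
    """True only if the recipient carries the secret registered for that user."""
    user, secret, _ = parse_recipient(rcpt)
    expected = store.get(user)
    if secret is None or expected is None:
        return False
    # Constant-time comparison so response timing does not leak the secret.
    return hmac.compare_digest(secret.encode(), expected.encode())

def rcpt_decision(rcpt, spf_result, store):
    """Decide per recipient: SPF is enforced unless the forwarding tag matches."""
    if spf_result != "fail":
        return "accept"
    return "accept" if spf_exempt(rcpt, store) else "reject"
```

The envelope sender is never rewritten here, so a bounce generated by B still goes to the original return address, as the reply above notes.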