
Re: @debian.org email forwarding and SPF

On Sat, May 15, 2004 at 03:08:41PM -0400, John Belmonte wrote:
> The debian.org forwarding done by the LDAP distributed email system 
> doesn't seem to implement the sender rewriting scheme 
> (http://spf.pobox.com/srs).

> The implication is that if someone sends email from a domain publishing 
> SPF records to a debian.org address that has forwarding enabled, and if 
> the recipient's mail server is doing SPF filtering, the message will 
> bounce.  Note that you can't really blame the Debian developer in this 
> situation: he doesn't control the sender's domain policy, and in many 
> cases doesn't control his ISP's mail filtering policy.

Since SPF is supposed to work off the envelope address (SMTP FROM) as far as
I remember, surely this would be solved by having the Debian mail server
use the @d.o email address (the original To:) as the new envelope sender?

I'm not sure this is the best solution, and there's a whole whackload of
problems, I'm sure. But having only discovered SPF in the recent article
on Slashdot about Yahoo! DomainKeys, I'm stuck between implementing this
for my ISP, and trying to work out if this will break the fact I usually
send mail from my @pobox.com address and my @anu.edu.au address from all
over the Internet. (Well, not actually true, but enough for the purposes
of discussing SPF).

However, I really think that SRS thing is awful looking. :-(

Ah, just thought of the first problem with my above suggestion, it makes
bounces come back to @debian.org, which would cause a mail loop assuming
no special handling is done, e.g. with an extra header, say:
X-Debian-Org-origsender: <OriginalEnvelopeSender>
or something of the like.

> I know SPF and SRS are religious topics, but regardless of one's views, 
> as SPF use increases we're going to see more messages to DDs bounce. 
> We should at least be aware of the situation.

This is true, and a worry.

SPF basically undoes the recent attitude of "SMTP traffic should be sent
via your local ISP's SMTP server, not via the SMTP server that _receives_
mail for the domain you're sending from." which is asymmetrical routing.
SPF provides symmetrical SMTP routing ("reverse MX") with the ability of
the domain zone controller to allow extra sources of email.

Paul "TBBle" Hampson, MCSE
7th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

This email is licensed to the recipient for non-commercial
use, duplication and distribution.
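
The forwarding failure and the envelope-rewrite idea discussed in this message, modelled as an added example that is not part of the original email. The SPF policies, domains, IP addresses and the `forward` / `bounce_recipient` helpers are constructed for illustration; only plain IPv4 ranges are evaluated, and `forwarder.example` stands in for the forwarding host.

```python
import ipaddress

# Constructed SPF policies (IPv4 ranges only). Domains and addresses are
# documentation placeholders, not real published records.
SPF = {
    "sender.example": ["192.0.2.0/24"],        # original sender's domain
    "forwarder.example": ["198.51.100.0/24"],  # stands in for the forwarding host
}
ORIG_HDR = "X-Debian-Org-origsender"  # header name suggested in the message above

def spf_check(envelope_from, client_ip):
    """Evaluate the envelope sender's domain against the connecting IP."""
    nets = SPF.get(envelope_from.rsplit("@", 1)[-1].lower())
    if nets is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in ipaddress.ip_network(n) for n in nets) else "fail"

def forward(msg, forwarder_ip, alias, rewrite):
    """Relay msg onward. rewrite=True swaps the envelope sender for the alias
    address and records the original sender in a header."""
    out = {**msg, "client_ip": forwarder_ip, "headers": dict(msg["headers"])}
    if rewrite:
        out["headers"][ORIG_HDR] = msg["envelope_from"]
        out["envelope_from"] = alias
    return out

def bounce_recipient(forwarded, alias, alias_target):
    """Where a bounce for `forwarded` ends up once the forwarder has handled it."""
    rcpt = forwarded["envelope_from"]  # bounces go to the envelope sender
    if rcpt != alias:
        return rcpt                    # bounce never touches the forwarder
    # Bounce arrives at the alias: without the header it is forwarded to the
    # same failing target again (loop); with it, it reaches the real sender.
    return forwarded["headers"].get(ORIG_HDR, alias_target)

# Constructed message: sent from sender.example's own server to the alias.
MSG = {"envelope_from": "alice@sender.example", "client_ip": "192.0.2.10", "headers": {}}
ALIAS, TARGET, FWD_IP = "dd@forwarder.example", "dd@isp.example", "198.51.100.7"

if __name__ == "__main__":
    plain = forward(MSG, FWD_IP, ALIAS, rewrite=False)
    rewritten = forward(MSG, FWD_IP, ALIAS, rewrite=True)
    for name, m in (("direct", MSG), ("plain forward", plain), ("rewritten", rewritten)):
        print(name, spf_check(m["envelope_from"], m["client_ip"]),
              "bounce ->", bounce_recipient(m, ALIAS, TARGET))
```

The plain forward is the case that fails SPF at the final recipient; the rewritten forward passes, and its bounce only gets back to the original sender because the header was recorded.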
