Re: [sa-list] Re: SPF is hopelessly broken and must die!

["Dan Mahoney, System Admin" <da...@prime.gushi.org>]

On Thu, 14 Dec 2006, Magnus Holmgren wrote:

> On Thursday 14 December 2006 01:37, Marc Perkel wrote:
>> How do you deal with people forwarding email from another domain when
>> using SPF?
>
> *If* you intend to reject mail based on hard SPF failures, then you *must*
> allow for exceptions for forwarded mail. Mail can only be forwarded from
> specific hosts, so while it might be tricky it's definitely possible to
> define such exception in a meaningful way.
>
> Demanding that forwarding between arbitrary hosts must simply work (without
> SRS, DKIM or some other mechanism) is to say that everyone must always trust
> the envelope sender and mail header like 20 years ago. That is what is really
> broken.

Heh, ironically, everytime I post to bind-users@isc.org, I get a DKIM 
failure report (but the mail still goes through to the list).  Clearly 
whatever mailing list software they're using is NOT dkim-aware.

-Dan

--

"Happy, Sad, Happy, Sad, Happy, Sad, Happy, Intruiged!  I've never been so
in touch with my emotions!"

-AndrAIa as Hexadecimal, Reboot Episode 3.2.3

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------