SPF like schemes and bounce handling

From: Wietse Venema (no email)
Date: Fri Jan 09 2004 - 22:36:21 EST


> At 1/9/04 2:04 AM, Nico Wieland wrote:
>
> >AOL seems to have just implemented SPF ...
>
> If I'm understanding the way things work, this is actually going to cause
> problems for people who currently forward mail (we do a lot of offsite
> mail forwarding).
>
> If sends mail to , which
> forwards the message to , and
> example-destination.com uses SPF, then the mail is going to be rejected
> (because aol.com mail was relayed by an unauthorized host,
> example-forwarder.com).

Those who are risking to break SMTP in the name of fighting SPAM
are risking to break it further by requiring that every forwarding
MTA rewrites the original sender address to something at forwarder dot

This gets us from one problem into the next: how to correctly return
undeliverable mail to the original sender.

What happens when the forwarded message is undeliverable? As required
by the standard, the message will be returned to its envelope sender
address, which is now something at forwarder dot

If this "something" is the user's account at the forwarder, then
the undeliverable mail will never reach the original sender (the
forwarding MTA would have to remember FOR EVERY MESSAGE the
before-forwarding sender address for every individual message that
it forwards, something that is obviously not practical). So for
all practical purposes, the mail would be lost.

A more practical "solution" is for the forwarding MTA to encode
the before-forwarding sender address into the something at forwarder
address. The encoding cannot be direct like sender/domain at forwarder
(this would not only be fragile, it would also be subject to mail
relaying abuse). The "something" would have to be a cookie with
only a finite time to live, and its reverse mapping would be
known only to forwarding MTA.

For users whose mail passes through multiple forwarding service
providers this transformation will need to be reversible so that
undeliverable mail will correctly be forwarded from one provider
to the previous forwarding provider amd then to the original sender.

In other words, SPF like schemes alone break SMTP mail forwarding.
It is a mistake to replace the sender by user at forwarder: that causes
loss of undeliverable mail. Undoing the damage from SPF like schemes
requires a non-trivial and non-spoofable reversible address mapping
mechanism in every forwarding MTA.

        Wietse








Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD