Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SPF>
  3. Devel
forwardmaster autoresponder
radu.spf at ohmi
Apr 26, 2005, 10:17 AM
Post #1 of 11 (5076 views)
Permalink
Hello all,

I'm writing to seek involvement in an SPF-related project.

SPF has a long-standing, documented flaw in the way forwarders are
addressed. While SRS was an attempted solution, it appears that it has
serious implications for the forwarders, who are expected to implement it.

So, I propose an alternative method, the "forwardmaster" method.

Who/what is the forwardmaster and why is it needeed?
===============================================

The forwardmaster is a brother of the postmaster, in a sense.

The forwardmaster is an autoresponder that records the a user's
forwarded accounts. The user sends to the forwardmaster a list of
accounts where he expects to receive mail through in the local mailbox.

The autoresponder runs along side the user's domain mail system. Based
on the user's forwarding paths, the front-end MTAs can make personalized
SPF exceptions on behalf of that user, such that their forwarded email
still reaches them.

This way, email arriving at the user's mailbox via a forwarder will be
delivered, even though the SPF check on the MAIL-FROM fails.


Theory of operation
===================

The user makes up a list of his forwarded email addresses that are
forwarded to the current domain. He sends the list to the forwardmaster
autoresponder, who enters the list into a local database.

The front-end MTA needs to check SPF after RCPT, but before DATA. First,
the sender's SPF record is checked. Then, using the recipient forwarder
list, the domains on the list are checked for SPF "PASS".

If one of the forwarders's records authorizes the incoming IP address,
the front end MTA accepts the email, and passes information to the spam
filter downstream that the mail has likely arrived through a
user-approved forwarder. (ie, direct-SPF=fail + via-SPF=pass +
via=name@forwarder.com)

If a reputation database is used, it should be based on the forwarder.

If the domain has a backup-MX, it should be considered a global
forwarder for all users.

Who should implement this
=========================

- MTAs that deliver to mailboxes

- Due to the ability to daisychain forwarders, even a forwarder may
receive mail from another forwarder, and thus it's SPF check will fail.
It is recommended that forwarders know their upstream forwarding
arrangements in order to filter mail more reliably on behalf of their users.



Some concerns
=============

1. Privacy ... a list of the user's forwarders is on file with the
domain. Is this really an issue? The recipient domain is expected to
handle the user's mail, and the the same information can be obtained
from the email headers.

2. Junk arriving through forwarders

If the forwarder does a poor job of filtering junk
(spam/phish/whatever), it will be reflected in the user's mailbox.

Such junk will likely have the "To:" header point to the forwarded
account, so it's easy to identify that it wasn't the local domain that
allowed the junk, but a forwarder approved by the user. In the case of
forged headers, it will be unlikely that the forged "To:" contains the
local domain name, as a common forger does not know where the forwarded
account is actually delivered. In any case, it is the user's desire to
receive through that forwarder, and thus not the local domain's fault.

Some design requirements
========================

1. The forwardmaster should accept a list of forwarders only from users
with local mailboxes, or who have forwarding arrangements on the local
domain. The receiving MTA knows if the request email is genuine or not
(was it submitted locally? was a password used? does it pass my domain's
SPF checks if not?)

2. The forwardmaster should check the list of forwarders submitted by
the user, and report if some of them do not publish SPF records. For
those it should report that unauthorized mail is possible and likely to
arrive through that forwarder. Also, it should advice the user to
request the forwarder to publish SPF records.

3. When the request mail arrives from a third party, the forwardmaster
should inform the third party of the required procedure:

MAIL-FROM: postmaster@forwarder.com
RCPT-TO: forwardmaster@mydomain.com
550 "Dear postmaster@forwarder.com, please request your user to contact
forwardmaster@mydomain.com directly from their @mydomain.com account"

The same error message should be given if the sender fails SPF, or if
the sender is not a local user.

This would be used later when forwarders will automatically offer to
register the forwarded email account with the destination forwardmaster.

However, this third party registration will never work, so it's good to
set the ground-rules for this rejection message early, to avoid
misunderstandings later.

4. Mail to the forwardmaster is never forwarded from anywhere, so never
make SPF exceptions for the forwardmaster. Also, mail for the
forwardmaster is not expected through the backup MX, but may be expected
through the domain's backup outgoing servers, if any.

5. plain text should be supported initially, HTML and rich text later.

6. The format of the request from the user may be similar to a
mailing-list that allows "subscribe" messages to a list-request
autoresponder.

I would be very supportive if someone would work on this, and there are
more design details to be discussed that don't belong in this
introductory post.

I am currently working on integrating the SPF compiler into a DNS
server, and on several SPF reliability items that have been documented
before. I can and will write such an autoresponder when I'm done with
the current work, but if I have to do it all alone it will take me that
much longer.

This is a good time for SPF supporters to contribute, and your
contribution will be appreciated.

Thank you,
Radu.







-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
Re: forwardmaster autoresponder [ In reply to ]
spf at metro
Apr 26, 2005, 12:27 PM
Post #2 of 11 (4947 views)
Permalink
I believe something similar can be done with macro's in the spf record
and a custom dns server.

Although on closer inspection i'm not sure. Here's the list of macro's:

s = <sender>
l = local-part of <sender>
o = domain of <sender>
d = <domain>
i = <ip>
p = the validated domain name of <ip>
v = the string "in-addr" if <ip> is ipv4, or "ip6" if <ip> is
ipv6
h = HELO/EHLO domain

So you would only need a rcpt to macro in addition to the above i
guess..

Just my 2 cents,

Koen

On Tue, Apr 26, 2005 at 01:17:28PM -0400, Radu Hociung wrote:
>
> So, I propose an alternative method, the "forwardmaster" method.
>
> Who/what is the forwardmaster and why is it needeed?
> ===============================================
>
> The forwardmaster is a brother of the postmaster, in a sense.
>
> The forwardmaster is an autoresponder that records the a user's
> forwarded accounts. The user sends to the forwardmaster a list of
> accounts where he expects to receive mail through in the local mailbox.
snip
> I am currently working on integrating the SPF compiler into a DNS
> server, and on several SPF reliability items that have been documented
> before. I can and will write such an autoresponder when I'm done with
> the current work, but if I have to do it all alone it will take me that
> much longer.

--
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, hosting, embedded systems, unix, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
Re: forwardmaster autoresponder [ In reply to ]
radu at ohmi
Apr 26, 2005, 12:49 PM
Post #3 of 11 (4954 views)
Permalink
It would be roughly equivalent to adding a user-specified list of
include:'s in the local policy of the recipient MTA.

"Roughly" because for forwarders that don't publish an SPF record (yet),
the local policy would then result in "PermError", if the include points
to a non-existent SPF record.

One other reason it would not work is because the forwarders' SPF
records should be evaluated with a current_domain of the
forwarder_domain, not sender_domain, as the local policy would do.

So there would be multiple calls to check_host(), all with the same IP
address, but with different sender parameters.

Radu.


Koen Martens wrote:
> I believe something similar can be done with macro's in the spf record
> and a custom dns server.
>
> Although on closer inspection i'm not sure. Here's the list of macro's:
>
> s = <sender>
> l = local-part of <sender>
> o = domain of <sender>
> d = <domain>
> i = <ip>
> p = the validated domain name of <ip>
> v = the string "in-addr" if <ip> is ipv4, or "ip6" if <ip> is
> ipv6
> h = HELO/EHLO domain
>
> So you would only need a rcpt to macro in addition to the above i
> guess..
>
> Just my 2 cents,
>
> Koen
>
> On Tue, Apr 26, 2005 at 01:17:28PM -0400, Radu Hociung wrote:
>
>>So, I propose an alternative method, the "forwardmaster" method.
>>
>>Who/what is the forwardmaster and why is it needeed?
>>===============================================
>>
>>The forwardmaster is a brother of the postmaster, in a sense.
>>
>>The forwardmaster is an autoresponder that records the a user's
>>forwarded accounts. The user sends to the forwardmaster a list of
>>accounts where he expects to receive mail through in the local mailbox.
>
> snip
>
>>I am currently working on integrating the SPF compiler into a DNS
>>server, and on several SPF reliability items that have been documented
>>before. I can and will write such an autoresponder when I'm done with
>>the current work, but if I have to do it all alone it will take me that
>>much longer.
>
>

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Attached Files:

Re: forwardmaster autoresponder [ In reply to ]
birger.b at gmx
Apr 27, 2005, 12:41 AM
Post #4 of 11 (4940 views)
Permalink
Radu Hociung wrote:
> SPF has a long-standing, documented flaw in the way forwarders are
> addressed. While SRS was an attempted solution, it appears that it has
> serious implications for the forwarders, who are expected to implement it.

What's wrong with SRS apart from that people have to implement it?

Birger

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
Re: forwardmaster autoresponder [ In reply to ]
radu at ohmi
Apr 27, 2005, 6:36 AM
Post #5 of 11 (4968 views)
Permalink
Birger Brunswiek wrote:
> Radu Hociung wrote:
>
>> SPF has a long-standing, documented flaw in the way forwarders are
>> addressed. While SRS was an attempted solution, it appears that it has
>> serious implications for the forwarders, who are expected to implement
>> it.
>
>
> What's wrong with SRS apart from that people have to implement it?

One of the objections I've seen is that if a piece of mail goes through
multiple forwarders, the length of the MAIL-FROM line grows such that it
may overflow the available space. I believe there is a 512-byte limit to
the length of the MAIL-FROM command. Also it is reported that the "local
part" of addresses in MAIL-FROM is limited to 64-bytes in RFC-2821.

Another objection was that forwarders would now have to take
responsibility for, and handle bounces. Before SRS, the bounces would go
to the initial sender. While this may be a reasonable expectation, it
implies bigger infrastructure changes for forwarders who's forwarded
volume is much higher than locally-delivered volume. I'm not doing this
argument justice, because I'm not familiar with SRS.

Another objection is the possibility of forged "bounce" messages.

Anyway, my intent is not to bash SRS in any way, but to find another
solution to the "forwarders" problem. This problem is one of the things
that is holding SPF back.

Regards,
Radu

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Attached Files:

RE: forwardmaster autoresponder [ In reply to ]
admin at asarian-host
Apr 27, 2005, 2:36 PM
Post #6 of 11 (4993 views)
Permalink
> -----Original Message-----
> From: owner-spf-devel@v2.listbox.com
> [mailto:owner-spf-devel@v2.listbox.com] On Behalf Of Radu Hociung
> Sent: woensdag 27 april 2005 15:37
> To: spf-devel@v2.listbox.com
> Subject: Re: [spf-devel] forwardmaster autoresponder
>
> Birger Brunswiek wrote:
>
> > Radu Hociung wrote:
> >
> >> SPF has a long-standing, documented flaw in the way forwarders are
> >> addressed. While SRS was an attempted solution, it appears that it
> >> has serious implications for the forwarders, who are expected
> >> to implement it.
> >
> > What's wrong with SRS apart from that people have to implement it?
>
> One of the objections I've seen is that if a piece of mail
> goes through multiple forwarders, the length of the MAIL-FROM line grows
> such that it may overflow the available space.

The objection you have seen, I'm happy to say, is totally bogus. :)
Regardless of the number of forwarders a mail goes through, an SRS[01]
address essentially remains the same length (barring small differences in
domain name parts and hash-length) across multiple encodings.

> I believe there is a
> 512-byte limit to the length of the MAIL-FROM command. Also it is
> reported that the "local part" of addresses in MAIL-FROM is limited
> to 64-bytes in RFC-2821.

From RFC 2821 ("4.5.3.1 Size limits and minimums"):

local-part
The maximum total length of a user name or other local-part is 64
characters.

domain
The maximum total length of a domain name or number is 255
characters.

path
The maximum total length of a reverse-path or forward-path is 256
characters (including the punctuation and element separators).

command line
The maximum total length of a command line including the command
word and the <CRLF> is 512 characters. SMTP extensions may be
used to increase this limit.

> Another objection was that forwarders would now have to take
> responsibility for, and handle bounces. Before SRS, the
> bounces would go to the initial sender. While this may be a reasonable
> expectation, it implies bigger infrastructure changes for forwarders
> who's forwarded volume is much higher than locally-delivered volume.
> I'm not doing this argument justice, because I'm not familiar with SRS.

Since SRS addresses are written in 'short-hand' notation, so to speak, the
middle man is always cut out across multiple forwards; so the overhead is
mitigated considerably (and essentially brought back to just 1 extra point
of transit in those cases).

> Another objection is the possibility of forged "bounce" messages.

Actually, the opposite is true. :) Since SRS addresses are signed,
"forged" bounce messages (fake DSNs) are easily spotted and dealt with (I
am doing this since ages). SRS (or SES) is perfect for this purpose. SRS
addresses allow for a small 'replay' window of MaxAge days (in 'guarded'
scheme; the dbase variant always produces unique hashes). A replay window
of MaxAge is, of course, always infinitely better than the 'infinity' days
replay window of unsigned addresses. :)

Regards,

- Mark

System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
Re: forwardmaster autoresponder [ In reply to ]
radu at ohmi
Apr 27, 2005, 5:33 PM
Post #7 of 11 (4938 views)
Permalink
Mark wrote:
>>>Radu Hociung wrote:
>>>>SPF has a long-standing, documented flaw in the way forwarders are
>>>>addressed. While SRS was an attempted solution, it appears that it
>>>>has serious implications for the forwarders, who are expected
>>>>to implement it.
>>>
>>>What's wrong with SRS apart from that people have to implement it?
>>
>>One of the objections I've seen is that if a piece of mail
>>goes through multiple forwarders, the length of the MAIL-FROM line grows
>>such that it may overflow the available space.
>
>
> The objection you have seen, I'm happy to say, is totally bogus. :)
> Regardless of the number of forwarders a mail goes through, an SRS[01]
> address essentially remains the same length (barring small differences in
> domain name parts and hash-length) across multiple encodings.
>
>
>>I believe there is a
>>512-byte limit to the length of the MAIL-FROM command. Also it is
>>reported that the "local part" of addresses in MAIL-FROM is limited
>>to 64-bytes in RFC-2821.
>
>
> From RFC 2821 ("4.5.3.1 Size limits and minimums"):
>
> local-part
> The maximum total length of a user name or other local-part is 64
> characters.
>
> domain
> The maximum total length of a domain name or number is 255
> characters.
>
> path
> The maximum total length of a reverse-path or forward-path is 256
> characters (including the punctuation and element separators).
>
> command line
> The maximum total length of a command line including the command
> word and the <CRLF> is 512 characters. SMTP extensions may be
> used to increase this limit.
>
>
>>Another objection was that forwarders would now have to take
>>responsibility for, and handle bounces. Before SRS, the
>>bounces would go to the initial sender. While this may be a reasonable
>>expectation, it implies bigger infrastructure changes for forwarders
>>who's forwarded volume is much higher than locally-delivered volume.
>>I'm not doing this argument justice, because I'm not familiar with SRS.
>
>
> Since SRS addresses are written in 'short-hand' notation, so to speak, the
> middle man is always cut out across multiple forwards; so the overhead is
> mitigated considerably (and essentially brought back to just 1 extra point
> of transit in those cases).
>
>
>>Another objection is the possibility of forged "bounce" messages.
>
>
> Actually, the opposite is true. :) Since SRS addresses are signed,
> "forged" bounce messages (fake DSNs) are easily spotted and dealt with (I
> am doing this since ages). SRS (or SES) is perfect for this purpose. SRS
> addresses allow for a small 'replay' window of MaxAge days (in 'guarded'
> scheme; the dbase variant always produces unique hashes). A replay window
> of MaxAge is, of course, always infinitely better than the 'infinity' days
> replay window of unsigned addresses. :)

Hi Mark,

Thank you for the reply.

If all the concerns are bogus (I don't think I gave an exhaustive list),
then the question that remains is ... why aren't forwarders implementing
it? Or are they?

Is there a place where all the SRS-related objections are examined and
rebutted?


Greetings,
Radu.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
RE: forwardmaster autoresponder [ In reply to ]
admin at asarian-host
Apr 27, 2005, 8:00 PM
Post #8 of 11 (4971 views)
Permalink
> -----Original Message-----
> From: owner-spf-devel@v2.listbox.com
> [mailto:owner-spf-devel@v2.listbox.com] On Behalf Of Radu Hociung
> Sent: donderdag 28 april 2005 2:34
> To: spf-devel@v2.listbox.com
> Subject: Re: [spf-devel] forwardmaster autoresponder
>
>
> Hi Mark,
>
> Thank you for the reply.
>
> If all the concerns are bogus (I don't think I gave an
> exhaustive list), then the question that remains is ...
> why aren't forwarders implementing it? Or are they?

Hi Radu,

Of course, not all objections to SRS are bogus per se. :) The ones you
heard of and mentiond really are, I think (certainly the first one).

> Is there a place where all the SRS-related objections are
> examined and rebutted?

There is, to my knowledge, really only one objection to SRS still
standing, and that is that it requires the cooperation of all forwarders
in a chain (but not that of all forwarders on a reverse-path traject, as I
outlined earlier). The 'solution', however, a true p2p crypto scheme,
IMHO, faces similar difficulties, in that mid-points cannot change the
message-body. Which is harder than it seems. Not to stir up the whole SRS
vs. SES debate again, but even today I noticed that sendmail had prepended
a ">" character to the first word "From" on a line of my post (so as to
avoid mbox format confusion). And I realized a tiny thing like that
already breaks crypto (unless it is really 'fuzzy') when done by a
mid-point. Mid-points would then have to re-sign a message in transit if
they cannot keep it cryptographically intact. To which I then often rebut
that, in the case where you have to resign anyway, a quick SRS rewrite is
substantially faster.

All-in-all, for argument's sake, if there can roughly be said to two
camps: SRS vs. p2p crypto, then both, I would say, face difficulties to
overcome. My money is still on SRS, though. The best place to discuss SRS
issues is, naturally, srs-discuss. There is no one place that lists and
rebuts SRS objections; but you just gave me a good idea. :)

Regards,

- Mark

System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
Re: forwardmaster autoresponder [ In reply to ]
radu at ohmi
Apr 27, 2005, 10:13 PM
Post #9 of 11 (4981 views)
Permalink
Mark wrote:
> There is, to my knowledge, really only one objection to SRS still
> standing, and that is that it requires the cooperation of all forwarders
> in a chain (but not that of all forwarders on a reverse-path traject, as I
> outlined earlier).

I would almost be tempted to think that until all forwarders implement
SRS, the "FAIL" result of SPF is of no practical use.

I thought the forwardmaster approach allows each recipient domain to
take control of the reliability of its FAIL rejects.

If a domain implemented the forwardmaster, it could _confidently_ reject
FAILs as soon as its local "flag day".

OTOH, if the domain waited for all forwarders to implement SRS, it could
not confidently deal with SPF FAIL until all forwarders implemented it.
That would likely be a much longer period, possibly infinite.

Would you not agree that the reliability of a domain's deliveries to
local mailboxes should at the very least not depend on the rest of the
world's (forwarders) cooperation?

Unfortunately, until SPF FAIL can be confidently dealt with, SPF is not
very useful. I think we have an interdependency between SPF and SRS that
will take a long time to resolve. Ie, SPF is no good without SRS, and
SRS makes no sense without SPF. By "no good" I mean only marginally
useful, of course :)


Since RFC2821 specifies how forwarding should be done (by changing RCPT
TO and keeping everyhting else unchanged), would SRS not render that RFC
obsolete? Here's the para I'm thinking of:

3.10.1 Alias

To expand an alias, the recipient mailer simply replaces the pseudo-
mailbox address in the envelope with each of the expanded addresses
in turn; the rest of the envelope and the message body are left
unchanged. The message is then delivered or forwarded to each
expanded address.



> All-in-all, for argument's sake, if there can roughly be said to two
> camps: SRS vs. p2p crypto, then both, I would say, face difficulties to
> overcome. My money is still on SRS, though. The best place to discuss SRS
> issues is, naturally, srs-discuss. There is no one place that lists and
> rebuts SRS objections; but you just gave me a good idea. :)

Looking forward to the SRS-objections article :)

Greetings,
Radu.

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

Attached Files:

RE: forwardmaster autoresponder [ In reply to ]
admin at asarian-host
Apr 28, 2005, 9:15 PM
Post #10 of 11 (4971 views)
Permalink
> -----Original Message-----
> From: owner-spf-devel@v2.listbox.com
> [mailto:owner-spf-devel@v2.listbox.com] On Behalf Of Radu Hociung
> Sent: donderdag 28 april 2005 7:13
> To: spf-devel@v2.listbox.com
> Subject: Re: [spf-devel] forwardmaster autoresponder
>
>
> I thought the forwardmaster approach allows each recipient domain to
> take control of the reliability of its FAIL rejects.

The way I understand your proposal, is that the forwardmaster approach is
a localized version of the trusted-forwarders.org, where 'forwardmaster'
is some kind of bot adding trusted forwarders for local users, right?

> The "HELO" check not a useful or reliable check as
> far as I can tell.

A HELO check is as useful as you want it to be (provided it matches the IP
address of the connecting host, of course). In your example, if you
encounter "mailout.godaddy.com" for EHLO/HELO name, and it resolves to the
connecting IP adddress, then you have a useful entity that you could use
for all sorts of early-out algorithms.

> When vanity domains are registered and email-forwarding is enabled,
> all those vanity domains are forwarded through a single service.
> One SMTP server probably handles hundreds or thousands of domains.
> So what is the meaning of the word following HELO?

When it resolves to the connecting IP, that 'word' designates the name of
the relay. It could be "oneforall.hosting.com" (without that domain name
ever being used even), who cares? As long as you can use to for
whitelisting, and it resolves properly, it is as useful as you want it to
be.

> When you get letters, does the name of the postman make
> any difference?

It does, when the sender of the letter has designated who is an authorized
relay. Surely you do no want your mail delivered by just anyone, do you?

> One SMTP server probably handles hundreds or thousands of domains.

If the first name of the postman could be said to be the 'localpart' of an
address, and his surname the 'domain name' part, then, indeed, hist first
name is irrelevant, as long as you recognize, and validated, his HELO
'domain name' part. Therefore, a HELO based local whitelisting would have
my preference.

> Would you not agree that the reliability of a domain's deliveries to
> local mailboxes should at the very least not depend on the rest of the
> world's (forwarders) cooperation?

Delivery to your mail boxes, at the very least, always requires the
cooperation of the rest of the world. :)

Seriously, local whitelisting is not bad, of course. And, indeed, it may
help you make a true 'FAIL' determination, with confidence. But I do not
think it is a solution in the sense of really solving the forwarding
'problem' (the jury is still out on whether there really is a forwarding
'problem' -- and if, what size it is). What it does do, however, is mask
the problem. Masking is often done at local whitelisting; and also not
necessarily bad. It would be nice, though, if MTAs, amongst themselves,
found a solution (like SRS), without involving the cooperation of
recipients. Ultimately, it feels cleaner to me.

Regards,

- Mark

System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com
Re: forwardmaster autoresponder [ In reply to ]
radu at ohmi
Apr 29, 2005, 10:53 AM
Post #11 of 11 (4968 views)
Permalink
Mark wrote:
>>-----Original Message-----
>>From: owner-spf-devel@v2.listbox.com
>>[mailto:owner-spf-devel@v2.listbox.com] On Behalf Of Radu Hociung
>>Sent: donderdag 28 april 2005 7:13
>>To: spf-devel@v2.listbox.com
>>Subject: Re: [spf-devel] forwardmaster autoresponder
>>
>>
>>I thought the forwardmaster approach allows each recipient domain to
>>take control of the reliability of its FAIL rejects.
>
>
> The way I understand your proposal, is that the forwardmaster approach is
> a localized version of the trusted-forwarders.org, where 'forwardmaster'
> is some kind of bot adding trusted forwarders for local users, right?

There is a critical difference:

Trusted forwarder provides authorization for individual IP addresses or
host names known to one or more people as sources of 'good' mail

forwardmaster provides no authorization. It only lists alternative
domains that should be queried for authorization. It also makes it
possible to allow mail to be delivered if no positive authorization is
found (ie, if at least one of the known forwarders for the user resolves
in anything but a FAIL SPF result - if all forwarders but one say
"FAIL", the mail is still delivered)

The two methods are similar in purpose, but their reliability is vastly
different. Trusted-forwarders cannot provide an exhaustive list of
forwarders. Forwardmaster does. Also, while incomplete, trusted
forwarders authorizes all known forwarders, while the forwardmaster only
lists domains that are known to have a relationship with the local users.

>>The "HELO" check not a useful or reliable check as
>>far as I can tell.
>
>
> A HELO check is as useful as you want it to be (provided it matches the IP
> address of the connecting host, of course). In your example, if you
> encounter "mailout.godaddy.com" for EHLO/HELO name, and it resolves to the
> connecting IP adddress, then you have a useful entity that you could use
> for all sorts of early-out algorithms.

About the reliability:

The trouble is that none of the relevant RFCs require the hello name to
be a DNS resolvable FDQN.

The fact that a lot of servers do use their hostname is not a guarantee
that all properly configured servers will.

About the usefulness:

There are 300M domain names, but probably much fewer SMTP servers. This
means that for most domains, the HELO name is not related to the
MAIL-FROM name. So looking for authorization from the mail server is not
useful.

The fact that most of the mail volume comes from domains that operate
their own mail servers is not a guarantee that all domains do or can.

The mail server is the messenger, not the sender. As far as SPF is
concerned, it's the sender's authorization that is sought, not the
messenger's.

>>When vanity domains are registered and email-forwarding is enabled,
>>all those vanity domains are forwarded through a single service.
>>One SMTP server probably handles hundreds or thousands of domains.
>>So what is the meaning of the word following HELO?
>
>
> When it resolves to the connecting IP, that 'word' designates the name of
> the relay. It could be "oneforall.hosting.com" (without that domain name
> ever being used even), who cares? As long as you can use to for
> whitelisting, and it resolves properly, it is as useful as you want it to
> be.

All but the cheapest spam software is smart enough to do a reverse
lookup on the connection IP and use that for the HELO name.

So the usefulness of verifying that the helo name and the IP match is
limited to filtering our the crappiest of spam software.

But keep in mind what I mentioned above, that properly configured mail
servers are not required by any RFC to use their FQDN in their HELO
message. localhost.localdomain is perfectly legal, but a bit rude. :)

I think you can expect that in the future all the crap spamware be
replaced by more updated software that is RFC compliant.

>>When you get letters, does the name of the postman make
>>any difference?
>
> It does, when the sender of the letter has designated who is an authorized
> relay. Surely you do no want your mail delivered by just anyone, do you?

When I send mail I have no idea who will be delivering it to the
recipient, and nor do I need to know.

What matters is that:

a. the mail gets delivered.
b. to the person I intended it for.

Of course in Canada we have personalized service where you can hire a
courier that will personally deliver the mail. But this is an expensive
service, and it's not really intended for the bulk of the mail. :)

>>One SMTP server probably handles hundreds or thousands of domains.
>
> If the first name of the postman could be said to be the 'localpart' of an
> address, and his surname the 'domain name' part, then, indeed, hist first
> name is irrelevant, as long as you recognize, and validated, his HELO
> 'domain name' part. Therefore, a HELO based local whitelisting would have
> my preference.
>
>
>>Would you not agree that the reliability of a domain's deliveries to
>>local mailboxes should at the very least not depend on the rest of the
>>world's (forwarders) cooperation?
>
> Delivery to your mail boxes, at the very least, always requires the
> cooperation of the rest of the world. :)

It's the reliability of the transfer on the last MTA connection before
the MDA that is questioned. Once a piece of good mail has made it all
the way to the proper MTA, the reliability with which that MTA delivers
it to the user does not need to depend on anyone else, I think.

> Seriously, local whitelisting is not bad, of course. And, indeed, it may
> help you make a true 'FAIL' determination, with confidence. But I do not
> think it is a solution in the sense of really solving the forwarding
> 'problem' (the jury is still out on whether there really is a forwarding
> 'problem' -- and if, what size it is). What it does do, however, is mask
> the problem. Masking is often done at local whitelisting; and also not
> necessarily bad. It would be nice, though, if MTAs, amongst themselves,
> found a solution (like SRS), without involving the cooperation of
> recipients. Ultimately, it feels cleaner to me.

I would not claim the forwardmaster is the ultimate solution. I just
want to implement it and offer it to the world for evaluation. I'm not
trying to make it a standard, or anything like that.

Certainly, some domains might have a web interface for it, some domains
might take a guess by looking at the headers of email that was not spam,
and thus not even involve the user (much). I only need to implement a
basic autoresponder.

All I'm looking for is a volunteer or two to help with the
implementation effort :) I think the name "forwardmaster" is more
complicated than the code to implement it ;)

I'm not sure currently what the best design approach would be. Perhaps a
milter? a mailer? an external program? something else?

Greetings,
Radu.









-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-devel@v2.listbox.com

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal