Mailing List Archive: A different tack [Was: Re: (SOLVED)...]

A different tack [Was: Re: (SOLVED)...]

May 2, 2007, 12:28 PM

Post #1 of 3 (1444 views)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've been following this for a while now, and a potential mitigator of
the 3rd party bounce problem just occurred to me:

Don't bounce messages back to a site if the IP that submitted the
address fails SPF for that site. Just drop the bounce into /dev/null.

I would say don't accept it at all, but there may be any number of
reasons someone wants to submit an e-card from a public terminal or a
friend's house when they have an e-mail provider that supports strong
SPF checking.

- --
Daniel Taylor VP Operations Vocal Laboratories, Inc.
dtaylor@vocalabs.com http://www.vocalabs.com/ (952)941-6580x203
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGOOZg8/QSptFdBtURAolzAJ432TSTT+Sb6LxdFA5N/8Ftx/eYYwCfcktF
KTbs/ESlBuyL6qlb4po9krA=
=+G9B
-----END PGP SIGNATURE-----

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com

Re: A different tack [ In reply to ]

nobody at xyzzy

May 2, 2007, 1:29 PM

Post #2 of 3 (1350 views)

Permalink

Daniel Taylor wrote:

> Don't bounce messages back to a site if the IP that submitted the
> address fails SPF for that site. Just drop the bounce into /dev/null.

> I would say don't accept it at all

Yes, and that's correct. Publishers of SPF FAIL expect to get "good
bounces" when they meet the "old forwarder - clueless user - next hop
at third party rejects SPF FAIL" scenario. Or similar cases.

A rather convoluted case: Before Google finally managed that I sign
up for a GMail address because I wanted to use a feature that's only
available for GMail accounts they used an @xyzzy address as my main
address (not nobody@xyzzy :-)

And at that time I wanted to "invite" another person (actually me,
but at a completely unrelated GMX address) for some collaboration
tool (custom search or spreadsheets, it doesn't matter). Of course
I had configured the GMX address to reject SPF FAIL.

Of course Google (ab)used my @xyzzy address as return path for the
invitation. Of course GMX rejected the SPF FAIL as I wanted it, and
FWIW still want it. And not so obvious, Google bounced it then to
my @xyzzy address, behaving as if they were an "old forwarder" for
this invitation. Finally I got the bounce, all working as designed.

But if GMX or Google had silently dropped the FAIL I'd have no clue
what went wrong. Silently dropping mail is dangerous, you've to be
very sure that nobody wants the bounce, or rather that the address
noted in the return path doesn't want it.

The easiest fix in this example: Get that d****d GMail inbox and
share it with Googlebot if you want Google to send "mail from you".
You're not forced to use it for remotely "private" mail.

Frank

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com

Re: Re: A different tack [ In reply to ]

peter at bowyer

May 2, 2007, 1:53 PM

Post #3 of 3 (1349 views)

Permalink

On 02/05/07, Frank Ellermann <nobody@xyzzy.claranet.de> wrote:

>
> The easiest fix in this example: Get that d****d GMail inbox and
> share it with Googlebot if you want Google to send "mail from you".
> You're not forced to use it for remotely "private" mail.

For some time now, Gmail does the 'right thing' with MAIL FROM- see
this message, for example. The MFROM is my gmail address.

Peter

--
Peter Bowyer
Email: peter@bowyer.org

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com