nanog mailing list archives
Re: SPF Configurations
From: Douglas Otis <dotis () mail-abuse org>
Date: Mon, 7 Dec 2009 11:20:09 -0800
On Dec 7, 2009, at 9:51 AM, Michael Holstein wrote:
The problem we face is that some people we work with can't do thatThen explain that client-side (their users, to whom they send mail) are probably using Hotmail, et.al. and SPF will simply not allow "spoofing" which is what they want to do, unless they either : A) add the SPF record as previously mentioned. It's a TXT record under their root and isn't hard at all.
An authorization tied to a PRA or Mail From will not prevent spoofing, it just constrains the risks to those with access to a provider's service. A provider could insure a user controls the From email-address, but this would conflict with the IP path registration schemes.
B) permit you to use a subdomain (like "user () theircompanymail yourdomain com").
A provider can ensure any signed From email-address is controlled by its users by using ping-back email confirmations appended to user profiles. There is a proposal aimed at reducing DNS overhead and scalability issues associated with the all-inclusive IP address path registration scheme with its inability to cope with forwarded email: http://tools.ietf.org/html/draft-otis-dkim-tpa-label-03 Use of this DKIM extension can safely accommodate a user's desire to authorize third-party signatures to protect acceptance of From headers within domains that differ from the DKIM signature. DKIM does not need to change. Once IPv6 and international TLDs come into the mix, having users "vote" (authorize) DKIM providers could better determine what new domains can be trusted, and help ensure users are allowed to utilize their own language and to seek assistance in obtaining acceptable IPv6 connectivity. -Doug
Current thread:
- Re: SPF Configurations, (continued)
- Re: SPF Configurations John Levine (Dec 04)
- AW: SPF Configurations Andre Engel (Dec 04)
- Re: AW: SPF Configurations John R. Levine (Dec 04)
- AW: AW: SPF Configurations Andre Engel (Dec 05)
- Re: SPF Configurations Lars Eggert (Dec 04)
- Re: SPF Configurations Sean Donelan (Dec 06)
- Re: SPF Configurations Bill Stewart (Dec 06)
- Re: SPF Configurations Sean Donelan (Dec 07)
- Re: Official Mail, was SPF Configurations John Levine (Dec 07)
- Re: SPF Configurations Michael Holstein (Dec 07)
- Re: SPF Configurations Douglas Otis (Dec 07)
- Re: SPF Configurations Suresh Ramasubramanian (Dec 07)
- Re: SPF Configurations Tony Finch (Dec 08)
- Re: SPF Configurations Suresh Ramasubramanian (Dec 08)
- Re: SPF Configurations Michael Holstein (Dec 08)
- Re: SPF Configurations Tony Finch (Dec 08)
- RE: SPF Configurations Jeffrey Negro (Dec 04)