IETF Logo Mail Archive

Re: [ietf-822] Mailing lists - assumptions

Ned Freed <ned.freed@mrochek.com> Sun, 20 April 2014 00:31 UTC

Return-Path: <ned.freed@mrochek.com>
X-Original-To: ietf-822@ietfa.amsl.com
Delivered-To: ietf-822@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35BD41A00F4 for <ietf-822@ietfa.amsl.com>; Sat, 19 Apr 2014 17:31:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.274
X-Spam-Level:
X-Spam-Status: No, score=-2.274 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.272, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ICXfMzhPhL0 for <ietf-822@ietfa.amsl.com>; Sat, 19 Apr 2014 17:31:48 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.159.242.17]) by ietfa.amsl.com (Postfix) with ESMTP id 397691A00D3 for <ietf-822@ietf.org>; Sat, 19 Apr 2014 17:31:48 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P6U788D0UO006HUM@mauve.mrochek.com> for ietf-822@ietf.org; Sat, 19 Apr 2014 17:26:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=mauve; t=1397953596; bh=bip4cFz9Z6zC1D/FQa4m0Dz55PFm7aDUlzNeFz8V7Ws=; h=Cc:Date:From:Subject:In-reply-to:References:To; b=rgLkM+Wb3GJB0MWjddQdCFI4PsSWCnDsukwxobNIRjeQy6VmE1KeM04geSXr5DeRu So0/fonjfb8qq3eMncGmvXfiivzAulVgFQn8h4/XyUX9nxbulD2Ha8VMxN+N+75Srs qd6ZrlJXToyGdla7ryyqCUn44y/Gfe/fpcRbyiYY=
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET="iso-8859-1"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P6SVAPGZY800004W@mauve.mrochek.com>; Sat, 19 Apr 2014 17:26:32 -0700 (PDT)
Message-id: <01P6U784H7N400004W@mauve.mrochek.com>
Date: Sat, 19 Apr 2014 15:33:52 -0700
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Sat, 19 Apr 2014 14:42:20 -0400" <20140419184220.GA13492@thunk.org>
References: <53517267.7050905@qti.qualcomm.com> <20140418192004.GB23005@thunk.org> <53518339.80007@qti.qualcomm.com> <20140418202612.GC13642@thunk.org> <53519C8D.3020906@bluepopcorn.net> <20140418220157.GE23005@thunk.org> <01P6TO1YH0UO00004W@mauve.mrochek.com> <20140419154303.GB31552@thunk.org> <01P6TU07T8ZO00004W@mauve.mrochek.com> <20140419184220.GA13492@thunk.org>
To: Theodore Ts'o <tytso@mit.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-822/Vr0l38xExPHtdLQF2AK3bLOw2nY
Cc: Jim Fenton <fenton@bluepopcorn.net>, ietf-822@ietf.org, Ned Freed <ned.freed@mrochek.com>
Subject: Re: [ietf-822] Mailing lists - assumptions
X-BeenThere: ietf-822@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of issues related to Internet Message Format \[RFC 822, RFC 2822, RFC 5322\]" <ietf-822.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-822/>
List-Post: <mailto:ietf-822@ietf.org>
List-Help: <mailto:ietf-822-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-822>, <mailto:ietf-822-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Apr 2014 00:31:51 -0000

> On Sat, Apr 19, 2014 at 11:00:35AM -0700, Ned Freed wrote:
> > You want any downstream delivery errors to be reported to the original sender,
> > so ideally you'd leave the MAIL FROM unchanged. But now an SPF check on the
> > MAIL FROM will fail because alum.mit.edu's IP address isn't going to be
> > allowed list.
> >
> > The usual way this is solved is with a more complex forwarding address,
> > one that incorporates a timestamp and a verifier. As I noted
> > previously the Sender Rewriting Scheme is one way to do this, but of
> > course you can use any encoding you want since only your systems have
> > to understand it.

> You mean like this:

> Return-path: <SRS0=/H55=ZT=gmail.com=theodore.tso@alum.mit.edu>

> :-)

Yes indeedy. Looks to me like bog-standard SRS.

> Sure, it's a bit ticklish, but it's obviously implementable.

Indeed. But now that we've gotten this far, here's a question...

Given that this issue is a forseeable - and forseen - consequence of using SPF,
and given there's an effective, but not exactly obvious, solution to the
problem, why are we going forward with publication of SPFBIS as a proposed
standard (currently in AUTH48) without a companion document describing this
problem and at least the corresponding solution space, if not going so far as
to document a specific solution?

At present draft-ietf-spfbis-4408bis has this to say about the issue:

 o  Mediators can solve the problem by rewriting the "MAIL FROM" to be
    in their own domain.  This means mail rejected from the external
    mailbox will have to be forwarded back to the original sender by
    the forwarding service.  Various schemes to do this exist though
    they vary widely in complexity and resource requirements on the
    part of the mediator.

Does anyone seriously think this provides the necessary guidance to an
autoforwarder developer/administrator faced with wholesale rejection of their
forwarded mail due to SPF? Because I certainly don't.

				Ned

v2.23.0 | Report a Bug | By Email