Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: none Newsgroups: comp.mail.sendmail Subject: Re: sender rewrining advice Date: Sun, 24 Mar 2024 00:59:40 +0100 Organization: A noiseless patient Spider Lines: 28 Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Sat, 23 Mar 2024 23:59:42 -0000 (UTC) Injection-Info: dont-email.me; posting-host="5f53366423bb038cb5bcf2d2e7ae4caf"; logging-data="4142565"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19HGCWAzAOJdWEcL+g/3rrOTHoMe6ZnlJVnnC2pOzrw8g==" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:Vyyb8/1APqAMrNetwhSY0h/h39Q= Content-Language: en-GB In-Reply-To: Bytes: 2378 > > My understanding is that the hash offers a modicum of security to > prevent (for some value) someone reversing your SRS mechanism and > sending messages to your server that your server would end up sending > back out as spam.  I think that it's mostly anti-abuse / anti-reply. > > If I know your secret hash seed I could use that to generate an SRS that > your system would trust, reverse the SRS and pass the message on to the > intended destination as if it originated from your server. > Hmmm, I don't really get this. My spf (and maybe even dkim) are still applied not? If I am processing the message test@gmail.com -> test@example.com forwarded to test@guerrillamail.com then my host B (outgoing) will create a new envelope, something like: SRS0=HHH=TT=example.org=test@example.com Any receiving host will still check the same example.com spf, as if it would be a 'regular' envelope.