Sender Policy Framework


This page collects the definitions of terms used in the Forums mailing lists, and spf-discuss in particular. These terms may be considered SPF-specific alternatives to those defined in Dave Crocker's Internet Mail Architecture. More terms are defined in Peter Resnick's Internet Message Format (RFC 5322). David MacQuigg is maintaining the Statement of Problems and Requirements for forwarding.


Substitute Whitelist Key, formerly called a TENBOX token, is an address passed as the AUTH parameter of a MAIL FROM command that specifies the forwarding ID, e.g. the alias whose expansion led to the current forwarding SMTP session (see also here),
Trusted E-mail Network BOundary eXpansion, the expansion is done including forwarders on a per user basis,
authEntication component of the TENBOX solution,
authOrization component of the TENBOX solution,
a different approach, providing per domain or per IP network extension, named after the http://trusted-forwarder.org list.
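
How a Receiver might read a Substitute Whitelist Key from the AUTH parameter of MAIL FROM and look it up per user, as an added example that is not code from the SPF project or the TENBOX proposal. The whitelist layout, addresses and function names are assumptions made for illustration, and the lookup covers only the authorization step: it presumes the forwarding session was authenticated by other means, since the AUTH value alone is just a client assertion.

```python
import re

# Constructed per-user whitelist (assumed layout): final recipient address ->
# forwarding IDs (aliases) that this user has registered as trusted.
WHITELIST = {
    "bob@dest.example": {"bob@alumni.example", "sales+bob@corp.example"},
}

_XTEXT_HEX = re.compile(r"\+([0-9A-F]{2})")

def decode_xtext(value):
    """Decode RFC 3461 xtext: '+XX' is a hex-encoded byte, the rest is literal."""
    if re.search(r"\+(?![0-9A-F]{2})", value):
        raise ValueError("malformed xtext")
    return _XTEXT_HEX.sub(lambda m: chr(int(m.group(1), 16)), value)

def parse_mail_from(line):
    """Split 'MAIL FROM:<path> [KEY=VALUE ...]' into (reverse_path, params)."""
    m = re.match(r"(?i)MAIL FROM:\s*<([^>]*)>(.*)$", line.strip())
    if not m:
        raise ValueError("not a MAIL FROM command")
    params = {}
    for token in m.group(2).split():
        key, _, val = token.partition("=")
        params[key.upper()] = val
    return m.group(1), params

def forwarding_id(line):
    """Return the decoded AUTH= address, or None if absent or the null value '<>'."""
    _, params = parse_mail_from(line)
    raw = params.get("AUTH")
    if raw is None or raw == "<>":
        return None
    return decode_xtext(raw).lower()

def is_whitelisted(mail_from_line, rcpt):
    """True only if the key names an alias this recipient has whitelisted."""
    try:
        swk = forwarding_id(mail_from_line)
    except ValueError:
        return False  # fail closed on unparseable input
    return swk is not None and swk in WHITELIST.get(rcpt.lower(), set())
```

A False result here only means the per-user expansion does not apply to this session; the message is then evaluated as if it came from any other Transmitter.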

From Forwarder whitelisting reloaded

|----------- MON -----------|       |-------------------- MRN --------------------|

                               /                /==========================\
Sender(s) ==> Transmitter --> / --> Receiver/Forwarder ~~> Dest/MDA/+ ==> Recipient

The above diagram represents the topology of a single message path, not a global network topology.

direction of mail flow (no relationship implied),
direct relationship between Actors (e.g. a contract),
indirect relationship (e.g. both directly related to Recipient),
the interface between the last agent on the Sender's side and the first one on the Recipient's side of a mail transfer; it denotes the absence of any specific arrangements or agreements between the two agents,
a relay performing alias expansion, i.e. replacing the envelope RCPT address with preconfigured values,
Mail Originating Network, all the hosts on the left side of the Border,
Mail Receiving Network, all the hosts on the right side of the Border,
an SMTP server, i.e. MTA receiving a message; a Transmitter's peer,
an SMTP client; a Receiver's peer.

There is at most one border along any message path. It lies where the first MX is looked up in order to determine a Receiver for the next hop. For backup MXes, that is the first one, i.e. the one with the lowest priority (highest number). Even if there may be multiple MXes defined at the same priority, only one of them is actually used to relay a message.

Because of the uniqueness of the border, the terms Transmitter or Receiver may sometimes be used without further specifications to refer to the relevant agent at the border. That convention doesn't preclude the generic use of those terms, provided it is clear from the context which agent each term refers to.


Some terms adapted from David MacQuigg's and Keith Moore's definitions.

From Yet another attempt to fix forwarding

data controller
in general, any natural or legal person, [...] that is competent, also jointly with another data controller, to determine purposes and methods of the processing of personal data and the relevant means, including security matters,
data subject
in general any natural or legal person, body or association that is the subject of the personal data, in particular, the Recipient is the subject of his or her email address, and thus of the forwarding recipe,
local forwarding policy
a set of rules that affect how forwarding is performed, e.g. if and how the envelope sender is changed; the policy contains general rules as well as address-specific rules organized in a database,
fix forwarding (FF)
the complete solution to the forwarding problem, including the privacy problem (a.k.a. problem P) of allowing recipients full control over forwarding recipes specific to their addresses scattered around the Internet,
forwarding recipe
the piece of configuration that turns an MTA into a Forwarder (as far as a given message is concerned), at a minimum it must include the new recipient address (e.g. in a .forward file), ideally it also includes any local forwarding policy data specific to the given recipe,
persons in charge
in general, the natural persons that have been authorized by the data controller or processor to carry out processing operations, for example, a user who can login at a Forwarder and alter a forwarding recipe.


Generic privacy terms have been defined by European directives, see

Last edited 2013-05-23 19:29 (UTC) by xyzzy