Autor: David Woodhouse Data: A: Marc Perkel CC: exim-users Assumpte: Re: [Exim] Is SPF for me?
On Fri, 2004-04-23 at 20:01 -0700, Marc Perkel wrote: > OK - Trying to grasp the SPF concept.
>
> I do email hosting for a variety of domains, but I'm not an ISP. My
> users are unsophisticated and spread out - often mobile.
>
> Some tunnel back to my server to send email from "the source" but most
> use their local ISP for outgoing SMTP service.
>
> So - is this SPF for me? Can I use this to "bless" those who originate
> from specific IPs without penalizing those who roam?
You could publish an SPF record which ends in '?all'. It's essentially
then a whitelist which says mail from your own servers is definitely OK,
and from anywhere else is unknown. People could perhaps use that to
avoid sender verification callouts for mail coming directly from your
own machines.
Personally, I wouldn't bother. If SPF is only ever going to be used with
'?all' then it's fairly pointless, and if it's used with '-all' then
it's just broken. I prefer not to lend it legitimacy by publishing
records.
> What would seem to make more sense to me for someone in my circumstances
> is if the users outgoing email were relayed through my server instead of
> to the destination. Then I could eval the message to see if it's forged
> - perhaps requiring some encrypted password or key or something.
I'm not sure I understand what you're saying. If the user is
authenticating to your server, why do you need to check if the message
is forged? Surely you know it isn't?
> Anyhow - back to the original question - is SPF for me?