Re: [exim] SPF and mail forwards

Góra strony
Delete this message
Reply to this message
Autor: Ian Eiloart
Data:  
Dla: exim-users
Temat: Re: [exim] SPF and mail forwards


--On 3 June 2006 10:08:39 -0400 Marc Sherman <msherman@???> wrote:

> Yves Goergen wrote:
>> Hello,
>> I have installed Exim 4.62 with SpamAssassin. This works fine so far,
>> but now I thought about setting up SPF records for my own domains. One
>> problem I see in this is that I must name all possible servers that
>> might send out mails with my sender domain. This is a huge problem when
>> using mail forwards. In that case, an e-mail is resent from my host but
>> with a different sender address. Is this a problem and what solutions
>> are there?
>
> Yes, it's a problem. The only solution is to completely ignore SPF; it's
> fundamentally broken.
>
> http://david.woodhou.se/why-not-spf.html
>
> - Marc


Actually, you can use SPF for some purposes - for example you could
whitelist certain domains on condition that email comes from SPF registered
servers.

If you use SPF to reject email from non-permitted servers, then you can end
up rejecting email that's forwarded to you from another server. If you and
your clients don't do this, that should not be a problem. Most mailing
lists these days don't have a problem with using correct return-paths.

You also have to be aware that some 'legitimate' services will forge
return-paths. These include "notify a friend" type services, some academic
journals, and so on. There's no reason that they should do this.

Whether you choose to use SPF is a question of judgement. You need to be
aware that it can break email under certain circumstances, but that might
not be enough to put you off.

--
Ian Eiloart
IT Services, University of Sussex