On 10/12/2009 20:19, Marc Perkel wrote:
> Sometime flawed technologies still have uses. SPF breaks email
> forwarding.
You say that as though it's a statement of fact. I think a more accurate
statement is, "Broken forwarding is incompatible with SPF".
SPF is broken when servers which forward mail spoof the sender envelope
rather than using their own.
I, nor any of my users forward email from other accounts to accounts on
my server. Because I know this, I *could* use strict SPF checking for
rejections. Because I'm cautious, I just score on it though.
Even if broken forwarding was taking place, I would still be able to use
SPF as part of a whitelist mechanism. I wouldn't want to outright accept
anything with a sender envelope of *@ebay.co.uk because spammers spoof
it. But if I made it dependent on an SPF pass, then the spoofing problem
disappears.
For example, I safely whitelist the SpamAssassin users list with this
simple SpamAssassin rule:
whitelist_from_spf *@*.apache.org
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226)
http://cardwellit.com/
Technical Blog:
https://secure.grepular.com/blog/
