On 1 July 2010 17:39, John Horne <john.horne@???> wrote: > On Thu, 2010-07-01 at 16:58 +0100, Ian Eiloart wrote:
>>
>> Using SRS without publishing an SPF record of your own
>> risks downgrading messages from pass to no unknown.
>>
> I don't quite follow this. My understanding was that when SRS was used
> it was a way of saying to the recipient MTA (that is the MTA you are
> forwarding the message to) "This message has come from us, but when
> checking SPF you must 'decode' the sender address and then check against
> that decoded original sender address." That is, don't check our SPF
> records but check those of whoever (whomever?) we got the message from
> originally.
No - it's exactly the opposite. You're saying 'I know where this came
from and I'm vouching for it by giving it an envelope sender in my
domain so it passes SPF. If you need to speak to anyone about it, I
can decode the original sender and deal with it for you'
Which you only want to do if you trust the purported sender and have
validated by some means or other that the purported sender is genuine.
Peter
--
Peter Bowyer
Email: peter@???
Follow me on Twitter: twitter.com/peeebeee
