--On 1 July 2010 17:39:10 +0100 John Horne <john.horne@???>
wrote:
> On Thu, 2010-07-01 at 16:58 +0100, Ian Eiloart wrote:
>>
>> Using SRS without publishing an SPF record of your own
>> risks downgrading messages from pass to no unknown.
>>
> I don't quite follow this. My understanding was that when SRS was used
> it was a way of saying to the recipient MTA (that is the MTA you are
> forwarding the message to) "This message has come from us, but when
> checking SPF you must 'decode' the sender address and then check against
> that decoded original sender address." That is, don't check our SPF
> records but check those of whoever (whomever?) we got the message from
> originally.
As Peter has explained that's not how it's intended to be used. It would be
a neat idea, except that you don't have access to the originating IP
address. OK, so you could look in the message headers, and attempt to
deduce it, but that might all be forged.
> As such it should not matter whether the forwarding MTA domain has SPF
> records or not.
>
>
>
> John.
>
> --
> John Horne, University of Plymouth, UK
> Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see
http://www.sussex.ac.uk/its/help/