Author: Jan Ingvoldstad Date: To: Ted Cooper CC: exim-users Subject: Re: [exim] Gmail's new 'suspicious sender' flag
On Wed, Jul 6, 2011 at 02:38, Ted Cooper <eximX0902w@???> wrote:
> On 05/07/11 21:54, Jan Ingvoldstad wrote:
> > On a general basis, I recommend against using SPF, but if one "must" use
> > SPF, remember to NOT set it restrictively.
> >
> > That is: never, ever use "-all" or similar constructs that restrict
> message
> > handling to a few hosts, unless you are absolutely certain that messages
> > will NEVER exit your private/company network.
> >
> > Pain ensues if it does.
>
> That's generally the idea of SPF though
To ensure pain? It certainly seems so.
> - tell the world where your
> email is allowed to come from, and anyone else is forging your domain
> can be safely dropped on the floor.
>
But it's not about "forging your domain" if the message is resent, e.g. if
someone has the e-mail address foo@???, which is resent to
gazonk@??? and barghle@???.
>
> I've been running SPF on all my domains for many years now (when did it
> come out again?) because I only allow allow emails to be sent via SMTP
> AUTH. I've even got most of the client domains configured this way.
>
Congratulations, you have a setup that guarantees delivery problems.
>
> The only problem I've had recently was a parent company of one of my
> clients forwarding emails without SRS. Semi-legitimate and yet easy to
> fix because of the business relationship.
>
No, SRS is not "easy to fix", sorry. It's a hack that's required by another
ugly hack (SPF).
Good luck with getting everyone to use SRS the way the SPF evangelists want
to. In the meantime, SPF with "-all" breaks email. Just don't, please.
</soapbox> - and apologies for probably being off-topic again.
--
Jan