Re: [exim] Gmail's new 'suspicious sender' flag

Top Page
Delete this message
Reply to this message
Author: Jan Ingvoldstad
Date:  
To: Ted Cooper
CC: exim-users
Subject: Re: [exim] Gmail's new 'suspicious sender' flag
On Wed, Jul 6, 2011 at 02:38, Ted Cooper <eximX0902w@???> wrote:

> On 05/07/11 21:54, Jan Ingvoldstad wrote:
> > On a general basis, I recommend against using SPF, but if one "must" use
> > SPF, remember to NOT set it restrictively.
> >
> > That is: never, ever use "-all" or similar constructs that restrict
> message
> > handling to a few hosts, unless you are absolutely certain that messages
> > will NEVER exit your private/company network.
> >
> > Pain ensues if it does.
>
> That's generally the idea of SPF though



To ensure pain? It certainly seems so.


> - tell the world where your
> email is allowed to come from, and anyone else is forging your domain
> can be safely dropped on the floor.
>


But it's not about "forging your domain" if the message is resent, e.g. if
someone has the e-mail address foo@???, which is resent to
gazonk@??? and barghle@???.


>
> I've been running SPF on all my domains for many years now (when did it
> come out again?) because I only allow allow emails to be sent via SMTP
> AUTH. I've even got most of the client domains configured this way.
>


Congratulations, you have a setup that guarantees delivery problems.


>
> The only problem I've had recently was a parent company of one of my
> clients forwarding emails without SRS. Semi-legitimate and yet easy to
> fix because of the business relationship.
>


No, SRS is not "easy to fix", sorry. It's a hack that's required by another
ugly hack (SPF).

Good luck with getting everyone to use SRS the way the SPF evangelists want
to. In the meantime, SPF with "-all" breaks email. Just don't, please.

</soapbox> - and apologies for probably being off-topic again.
--
Jan