It seems to me that its the people who decide to reject mail just because the the spf records on the incoming message don't match, are the people who will make sender id systems unusable. Having working spf records has nothing to do with being SPAM, in fact percentage wise SPAM is better for correct spf records. It is purely for verifing that the mail came from an authorised server, not whether it is SPAM or not. If you are rejecting mail because of the spf records then you are forcing people like Ewen here to open the records just to get the mail working. Hence the records become less useful. So you should hang your head in shame. </rant> -- Daniel
In message <001801c4d402$0e7ad2d0$0100000a(a)lennons>, "Lennon - Orcon" writes:
We have SPF and SRS implemented on our email servers and yes it does work.
Unfortunately there are also a considerable number of systems (including in New Zealand) which forward mail without rewriting the envelope from address, which is required by SPF. This means that when the mail is forwarded it suddenly appears to be coming from a mail server that isn't authorised to send messages for that domain, which results in it being rejected and bounced back to the originator.
I've had to relax the SPF statements for some of the domains that I manage in order to compensate for this problem (changing from "-all" to "?all" -- ie, "won't come from anywhere else" to "umm, I guess you might see it from some others too").
It would be very helpful if operators that provide a mail forwarding service (eg, just about every ISP that provides mail services) were to do the forwarding in a SPF-compatible manner. Something like procmail's approach (forward message on with envelope from of the account triggering the forward) is sufficient -- you don't have to do SPF's convoluted envelope from rewriting if you don't want to.
I suspect this issue (mail forwarding) will continue to be the biggest obstacle to widespread SPF adoption for quite some time.
Ewen
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog