begin Tuesday 23 March 2004 16:24, David Woodhouse quote:
My local policy is that if I find people rejecting forwarded mail due to
SPF or other similar reasons, I report that as a misconfiguration and
request that they stop. Only if they refuse to fix it and if I _really_
need my system to be able to forward to the domain in question, do I add
them manually to the 'spf-afflicted-domains' list.
In other words, you consider SPF a misconfiguration?!? Or what kind
of mechanism do you propose to address "the forwarding problem"?
Whitelisting of forwarders at the recipient ISP? This is only
workable if the the recipient ISP is small enough that they will
Not if it's the largest ISP of the country, and you (the forwarder)
run a small no-name site :-(
In the case of small insignificant forwarders, and large final
recipient MTAs, SRS unfortunately appears to be the only way to
Or do you only consider non-SPF based sender filtering to be a
misconfiguration? I'm not sure if that's a sane attitude given that in
many people's eyes it is not yet clear whether DMP, MS Cid, SPF, or
some other scheme will prevail in the end...
That is a difference of local policy. You choose to mangle sender
addresses to work around _potential_ errors at the receiving end.
Or rather: I'm working with the hypothesis that SPF (or similar
systems) are deployed everywhere, and that the only places where I can
send without munging are those where I am whitelisted.
Indeed, isn't this (global SPF deployment) what we are striving for?
So we should make our system compatible with our ultimate goal as soon
as possible, lest we be victim of our own success...
I choose to work around such errors _only_ if I know they exist, if the
offending party won't fix them, _and_ I actually need to get the mail
That last condition, in particular, happens only if the recipient whose
forwarded mail is being rejected _cannot_ change service providers and
use a more sanely run domain as the target for the forwarding from my
I hope I'm misunderstanding you here, but you really seem to sound as
if you consider SPF (... or competing schemes fullfilling the same
goal ...) to be "errors" or the symptons of a domain that is not
sanely run?!? Or what is your point?