Mark Andrews wrote:
It doesn't, however, mean you cannot send mail from that
machine. You just have to set an appropriate mail
domain for outgoing mail.
Rather than toster(_at_)toaster(_dot_)example(_dot_)net the mail would come
from tosterXXX(_at_)example(_dot_)net or something similar if you
were using "MX 0 .".
JFTR, that is a nullmx for toaster.example.net, and the host
toaster.example.net can send MAIL FROM tosterXXX(_at_)example(_dot_)net
(or from almost any address excluding @toaster.example.net).
Mail to <postmaster> at this host is still supposed to work.
I couldn't tell without cheating (= looking into 2821bis) if
that's MUSTard, SHOULD, or between the lines.
Non-delivery reports don't have to go back to the originating
I can sing "originator as indicated in the reverse-path", in
moments when JohnK would seriously wish that I don't try to
sing, at least not on this list.
BTW, your example also shows another reason why "v=spf1 -all"
is not the same as nullmx. The toaster.example.net MTA using
this FQDN in its EHLO needs "v=spf1 a -all" (added "a") or
another way to indicate that it's permitted to use this name.
When it sends an NDR or any mail with an empty reverse-path
receivers checking SPF look for a policy associated with the
EHLO name, and that is generally recommended in RFC 4408 for
the purpose of rejecting abuse of EHLO names, not limited to
Clearly nobody is forced to protect EHLO names with SPF FAIL,
but if they do they better get this right.
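
The difference described above between a null MX and an SPF policy on the EHLO name, as an added example that is not part of the original message. It evaluates only a small SPF subset (`a`, `ip4:`, `all`); the zone data, the documentation-range IP addresses and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed zone data (assumed for this example); IPs are documentation ranges.
ZONE = {
    ("toaster.example.net", "MX"): [(0, ".")],           # null MX: accepts no mail
    ("toaster.example.net", "A"): ["192.0.2.25"],        # address the MTA sends from
    ("example.net", "MX"): [(10, "mail.example.net")],   # ordinary mail domain
}

def is_null_mx(domain, zone=ZONE):
    """True when the only MX record is preference 0 with target '.'."""
    return zone.get((domain, "MX")) == [(0, ".")]

def check_spf(record, domain, client_ip, zone=ZONE):
    """Evaluate a tiny SPF subset: 'a', 'ip4:' and 'all', with qualifiers."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = ip in [ipaddress.ip_address(a) for a in zone.get((domain, "A"), [])]
        elif mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return results[qualifier]
    return "neutral"  # no mechanism matched and no 'all' term present

def helo_identity_result(helo_name, spf_record, client_ip):
    """Result a receiver gets for the EHLO name, e.g. on an empty reverse-path."""
    return check_spf(spf_record, helo_name, client_ip)
```

With these sample records the host has a null MX in both cases, yet only "v=spf1 a -all" lets its own NDRs pass a check of the EHLO name.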