spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SPF is only one component in a policy suite

2003-10-24 12:30:54
from [Meng Weng Wong] [Permanent Link] 
On Fri, Oct 24, 2003 at 09:21:43AM -0400, Philip Gladstone wrote:
| 
| 1)   If your main domain (example.com) has a couple of MX records, the 
| lower numbered one being the actual mail server, and the higher one 
| being (say) the ISPs mail server (isp.net),   then some of the inbound 
| mail that example.com will see will be coming from isp.net. Clearly you 
| cannot run the SPF rules on the mail from isp.net, but what is the 
| recommended way to avoid doing this? What about running SPF internal to 
| your organization? How does the gateway MTA distinguish inbound mail?

I have updated 5.6.3 to read:

5.6.3 Conformance with regard to receiving e-mail systems

   To describe itself as SPF-conformant, an SMTP receiver is REQUIRED to
   perform SPF tests where it is appropriate to do so.

   SPF tests need not be performed while an SMTP transaction is ongoing:
   if the MDA performs the test, that is sufficient.  A server NEED NOT
   reject a message; but if it does not, it SHOULD add a Received-SPF
   header.  If a server rejects a message, it SHOULD include any
   <explanation> provided by the SPF publisher.

   Receiver systems SHOULD exclude special addresses such as postmaster@
   and abuse@ from SPF processing.  See RFC2142.

   SPF is one component in an SMTP receiver's policy engine.  An
   SPF-conformant SMTP receiver is NOT REQUIRED to perform SPF tests on
   messages whose dispositions have already been decided on the basis of
   other policy.

     Example 1: if an SMTP receiver requires that sender domains must
     possess MX or A records, and rejects transactions where they do
     not, SPF tests are moot.

     Example 2: if an SMTP receiver receives a message from a trusted
     client, such as a secondary MX for its own domain, SPF tests are
     not needed.

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: new draft RFC under construction, Meng Weng Wong
Next by Date:  is timestamp in exp string unnecessary?, Meng Weng Wong
Previous by Thread:  A couple of minor questions, Philip Gladstone
Next by Thread:  Re: SPF is only one component in a policy suite, Rob Kaper
Indexes:  [Date] [Thread] [Top] [All Lists]