spf-discuss
[Top] [All Lists]

Re: SPF & Postfix Relayhosts for Cable Modems/DSL?

2004-01-27 16:06:01
I  am  wondering  if  SPF  ruleset  determines the IP address by the
original host IP or the relay-ing host IP.

SPF  checks  may be run against any IP address, but by intent they are
run  against  the  first  _untrusted_  hop.  For  example,  if you run
anti-spam  checks on an internal content-scanning server (that is, not
your  MX),  or  regularly  receive mail from a trusted backup MX, your
anti-spam technology needs to skip the connecting IP as a trusted hop.
In all other cases, you run the check on the connecting IP.

Though  you  could  _also_  run  SPF  checks  on  previous hops if you
desired,  this  would frequently be disastrous for the very reason you
mention. Running SPF checks on subscribers who are already using their
provider's  smarthost  in  compliance  with  published  SPF records is
exactly wrong, as the checks will fail by design. :)

--Sandy


------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: sandy(_at_)cypressintegrated(_dot_)com
------------------------------------

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki: 
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡


<Prev in Thread] Current Thread [Next in Thread>