I am wondering if SPF ruleset determines the IP address by the
original host IP or the relaying host IP.
SPF checks may be run against any IP address, but by intent they are
run against the first _untrusted_ hop. For example, if you run
anti-spam checks on an internal content-scanning server (that is, not
your MX), or regularly receive mail from a trusted backup MX, your
anti-spam technology needs to skip the connecting IP as a trusted hop.
In all other cases, you run the check on the connecting IP.
Though you could _also_ run SPF checks on previous hops if you
desired, this would frequently be disastrous for the very reason you
mention. Running SPF checks on subscribers who are already using their
provider's smarthost in compliance with published SPF records is
exactly wrong, as the checks will fail by design. :)
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: sandy(_at_)cypressintegrated(_dot_)com
------------------------------------
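
The hop selection described in the reply above, as an added example that is not part of the original message: it walks a message's Received headers from the newest down, skips hops inside a trusted network list, and returns the first untrusted IP as the one to hand to an SPF check. The hostnames, addresses, `TRUSTED` list and function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed message as seen by an internal content scanner (newest hop on top).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [10.0.0.2])
\tby scan.example.net with ESMTP; Mon, 1 Mar 2004 10:00:03 -0000
Received: from smarthost.isp.example (smarthost.isp.example [192.0.2.25])
\tby mx.example.net with ESMTP; Mon, 1 Mar 2004 10:00:02 -0000
Received: from home-pc (dsl-77.isp.example [198.51.100.77])
\tby smarthost.isp.example with ESMTP; Mon, 1 Mar 2004 10:00:01 -0000
From: user@isp.example
Subject: constructed test message

body
"""

# Assumption: relays we operate ourselves (our MX, a backup MX) live here.
TRUSTED = [ipaddress.ip_network("10.0.0.0/8")]

BRACKET_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def hop_ip(received):
    """Return the peer IP a relay recorded in its 'from' clause, or None."""
    from_part = re.split(r"\sby\s", received, maxsplit=1)[0]
    match = BRACKET_IP.search(from_part)
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None


def first_untrusted_hop(raw_message, trusted=TRUSTED):
    """Pick the IP to run SPF against: the first hop outside our own relays."""
    msg = message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        ip = hop_ip(received)
        if ip is None:
            return None  # unparseable hop: trust chain cannot be established
        if not any(ip in net for net in trusted):
            return ip  # stop here; headers below were written by outsiders
    return None  # every recorded hop is ours: nothing external to check


if __name__ == "__main__":
    print(first_untrusted_hop(SAMPLE))
```

With the sample above the smarthost's address is selected and the subscriber's own address behind it is never evaluated, which is the behaviour the reply describes.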
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
Wiki:
http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/HomePage