On Fri, Feb 27, 2004 at 01:40:06PM -0600, Dustin D. Trammell wrote:
|
| When I implemented SPF checking on one of my small vanity domain
| servers, I sent notice to my users that yes, if they use a forwarder
| that does not rewrite the envelope sender (ask your forwarder if they do
| this!), then some mail sent to their forwarding address from any domains
| that publish SPF will probably not make it (actually, at this point I'm
| just adding a 'fail' Received-SPF header, but I digress). If they
| continue to forward email via an irresponsible system, it is the user's
| fault because they have been educated, not the user or system that is
| trying to send them mail.
|
Even without SPF, lots of places are already doing this kind of
checking.
Istvan is a customer at Pobox: his pobox.com account forwards to his
actual address at Compaq.
He sent a message from his Compaq account to his Pobox account, which
sent it on to Compaq; and Compaq rejected it.
<istvan(_dot_)szucs(_at_)compaq(_dot_)com>: host
ztxmail02.ztx.compaq.com[161.114.1.206]
said: 554 <istvan(_dot_)szucs(_at_)compaq(_dot_)com>: Sender address
rejected: Access denied
When did this happen? 5 July 2001.
It's three years later, and now here's a message from last week.
| We have users that forward mail from their pobox.com account to us
| (sff.net). Because we use SMTP AUTH, our server rejects any message
| that appears with an @sff.net envelope FROM: address if it didn't
| originate from our systems.
|
| The problem is that when an @sff.net user sends to one of your users that
| has forwarding enabled, your forwarder doesn't rewrite the envelope FROM:
| when it forwards the message on. This causes the forwarded mail to be
| rejected by our server because it's still claiming to have come from
| @sff.net.
|
| Most modern mail forwarding systems rewrite envelope FROM:s, or have the
| ability to do so if enabled. Can you enable this for your system?
|
Ther's no point fighting these sorts of things; for forwarders, the tide
is turning, and we can sink or swim.
The avalanche has started. It is too late for the pebbles to vote.