Meng Weng Wong wrote:
| We have users that forward mail from their pobox.com account to us
| (sff.net). Because we use SMTP AUTH, our server rejects any message
| that appears with an @sff.net envelope FROM: address if it didn't
| originate from our systems.
This is because the SMTP port is overloaded with two different services
and the server needs to do autodetection to choose one. The solution is
of course changing the system to a better one: implementing the SUBMIT
protocol (port 587).
IMHO there are two types of forwarding: sender controlled, and receiver
controlled.
In case of the receiver controlled forwarding (mailbox to mailbox by the
same owner) no rewrite is necessary. SUBMIT or white listing solve the
problem. I prefer white listing.
In case of the sender controlled forwarding (ecards, article sending,
etc.) no rewrite is necessary. SUBMIT or DNSWL solve the problem. I
prefer SUBMIT.
Of course in some cases SPF cannot be worked around without MAIL FROM
rewriting. But it is not true in all possible cases. This is why I
recommended the NOSRS flag as the first element of the "Receiver Policy
Framework".
There is more than one method against unsolicited emails. All of the
present (and future!) methods are designed for the present state and not for a
future state where all domains do SPF publishing and checking.
A cooperative SPF is better than a non-cooperative one. But this is only
my opinion.
z2
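
The following is an added example, not part of the original message or of any mail server's code: a model of the receiver-side decision discussed above, comparing one overloaded port 25 with a split between port 587 (authenticated submission) and port 25 with a forwarder whitelist. The function names, the whitelist range and the sample sessions are assumptions constructed for illustration; only the sff.net domain comes from the quoted text.

```python
import ipaddress
from dataclasses import dataclass

LOCAL_DOMAIN = "sff.net"  # receiving domain named in the quoted message
# Constructed value (assumption): address range of a forwarder the receiver trusts.
FORWARDER_WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]

@dataclass
class Session:
    port: int
    client_ip: str
    authenticated: bool
    mail_from: str  # envelope sender (MAIL FROM)

def is_local(address: str) -> bool:
    return address.rpartition("@")[2].lower() == LOCAL_DOMAIN

def is_whitelisted(client_ip: str) -> bool:
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in FORWARDER_WHITELIST)

def overloaded_port25(s: Session) -> str:
    """One port for both services: the role is guessed from the envelope sender."""
    if s.authenticated:
        return "accept"
    # Unauthenticated mail claiming a local sender is treated as a forgery,
    # which also rejects mail forwarded back to its own author.
    return "reject" if is_local(s.mail_from) else "accept"

def split_ports(s: Session) -> str:
    """Submission on 587, relay on 25, whitelist for receiver-controlled forwarding."""
    if s.port == 587:
        return "accept" if s.authenticated else "reject"
    if s.port == 25:
        # Local users submit on 587, so a local envelope sender on port 25
        # is only legitimate when it arrives from a known forwarder.
        if is_local(s.mail_from) and not is_whitelisted(s.client_ip):
            return "reject"
        return "accept"
    return "reject"

# Constructed sample sessions (documentation address ranges, hypothetical users).
FORWARDED = Session(25, "192.0.2.10", False, "alice@sff.net")
FORGED = Session(25, "198.51.100.7", False, "alice@sff.net")
SUBMITTED = Session(587, "203.0.113.5", True, "alice@sff.net")

if __name__ == "__main__":
    for name, s in [("forwarded", FORWARDED), ("forged", FORGED), ("submitted", SUBMITTED)]:
        print(name, overloaded_port25(s), split_ports(s))
```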