I have heard it stated several times on this list that legitimate
forwarding is set up by the receiver - and therefore the receiver should
be able to whitelist the forwarder. I have just run into an SPF false
positive where the sender initiated forwarding.
The sender is a hospital. They have a service where you can email
pictures of your newborn(s) to family and friends from terminals in the
hospital. Or maybe it is just a generic webmail service. Their
application asks for a from email address and rcpt addresses. It uses the from
address for both MAIL FROM and header From. The theory, I guess, was that any
bounces would go to the address entered rather than to the hospital.
Naturally, mail with an SPF enabled from domain gets bounced by an
SPF checking MTA (mine). The bounce has a nice link to the why.html page,
and was properly delivered to the from address, but the user was still confused.
Especially after they forwarded the bounced message from home several days
later and it arrived with no problems. Naturally they felt jipped.
The sender felt it was the hospitals fault (because it worked from home).
The recipient felt is was the fault of SPF, and got angry when I tried to
explain how it works.
What we would like is for the hospital mail service to implement SRS, and
forward any bounces to the original from address. The bounce came from
postmaster(_at_)chi-hasco-001(_dot_)frymulti(_dot_)com if anyone wants to try
some
evangelism.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Very few of our customers are going to have a pure Unix
or pure Windows environment." - Dennis Oldroyd, Microsoft Corporation