
Re: Please stop publishing -all it is NOT time yet

2004-06-14 02:09:21
On Mon, 2004-06-14 at 10:51 +0200, Koen Martens wrote:
> On Mon, Jun 14, 2004 at 09:42:24AM +0100, David Woodhouse wrote:
>> On Mon, 2004-06-14 at 09:22 +0200, Teddy wrote:
>>>
>>> I have published all my domains and my clients' domains with -all and I
>>> won't change that because I know that I (and my clients) only send
>>> e-mail from the mailserver and not from anywhere else. So I do not
>>> understand why I should publish ?all or ~all. I also don't want to
>>> change all the domains at the "flag day".
>>
>> So either you don't understand fully, or you're happy with the fact that
>> when your clients send email to another address outside your control,
>> and that email gets forwarded on to its final destination without SRS,
>> you are trying to cause that valid mail to be lost.
>
> Actually, the hops in between also need to do spf checking of course,
> if they don't it doesn't matter whether you have -all ?all or
> -hoolahoola .

OK. You've answered the question -- you evidently don't understand, and
you're publishing a record which is causing your clients' valid email to
be bounced.

Think about it. Your client sends a message to an address @infradead.org
which is actually just a forwarding address, and gets forwarded to
elsewhere. The intended recipient does SPF checking, and decides that
they're not going to accept the message in question from one of my
machines.

There are literally millions of domains out there forwarding mail
without SRS. By publishing a '-all' record you are saying that your
clients should not be permitted to send mail to those addresses.

> Anyway, isn't it supposed to bounce, instead of being silently dropped?

For the majority of users there isn't really a practical difference.
People are too stupid or lazy to read bounce messages, in general, and
most of the text in SPF bounce messages is misleading.

-- 
dwmw2
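
The forwarding case discussed in the message above, as an added example that is not part of the original post: a small SPF evaluator (ip4 and all mechanisms only) run for direct delivery, forwarding without SRS, and forwarding with an SRS-style envelope rewrite. The domains client.example and forwarder.example, the documentation-range IP addresses, and the SRS hash and timestamp fields are constructed placeholders.

```python
import ipaddress

# Constructed SPF data (documentation IP ranges); not real DNS records.
CLIENT_NET = "ip4:192.0.2.0/24"
FORWARDER_SPF = "v=spf1 ip4:198.51.100.0/24 -all"
CLIENT_MTA = "192.0.2.10"        # the sender's only outbound mail server
FORWARDER_MTA = "198.51.100.25"  # host that relays a forwarding address

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate the ip4 and all mechanisms of one SPF record, left to right."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def deliver(mail_from, connecting_ip, dns):
    """Result the final recipient's MTA computes from MAIL FROM and the peer IP."""
    domain = mail_from.rsplit("@", 1)[1]
    return check_spf(dns.get(domain, ""), connecting_ip)

def srs_rewrite(mail_from, forwarder_domain):
    """SRS0-style envelope rewrite; hash and timestamp fields are placeholders."""
    local, domain = mail_from.rsplit("@", 1)
    return f"SRS0=HHHH=TT={domain}={local}@{forwarder_domain}"

def scenario(all_term):
    """SPF results at the final recipient for one choice of the sender's all term."""
    dns = {"client.example": f"v=spf1 {CLIENT_NET} {all_term}",
           "forwarder.example": FORWARDER_SPF}
    sender = "alice@client.example"
    rewritten = srs_rewrite(sender, "forwarder.example")
    return {"direct": deliver(sender, CLIENT_MTA, dns),
            "forwarded": deliver(sender, FORWARDER_MTA, dns),
            "forwarded_srs": deliver(rewritten, FORWARDER_MTA, dns)}

if __name__ == "__main__":
    for term in ("-all", "~all", "?all"):
        print(term, scenario(term))
```

Only the "forwarded" column changes with the sender's choice of all term; the SRS column passes because the recipient then checks the forwarder's own record against the forwarder's IP.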

