On Mon, Jun 21, 2004 at 12:06:35PM +1000, Chris Drake wrote:
|
| Maybe you can also explain what exactly your pobox.com's SPF records
| are even being published for in the first place? You have no control
| over what SMTP servers your customers use, and no control over how
| recipient mail servers process your SPF records - so you should never
| be publishing these on your forwarding service at all, or am I missing
| something, or did you just publish wrong, or did you forget to specify
| a mechanism (eg: "+any") to allow any SMTP server to send mails from a
| domain, or what???

You're right that we have no control over what SMTP servers
our customers use for outbound relaying. (Well, we do offer
smtp.pobox.com, but we can't force everyone to use it.)

That's why we knew we needed a per-user SPF facility. The
complete version will come with a wizard that helps set up
records for users, based on a test email they send us.

While that wizard is not yet ready, we do have an interface
that lets advanced users configure their own records
directly.

You and any other pobox users on this list are welcome to
experiment with

  http://www.pobox.com/login/mason/antispam/spf.mhtml

Please keep in mind that this is VERY VERY BETA and has not
yet been announced to our customers in general. This is for
SPF EARLY ADOPTERS ONLY, etc. Only pobox customers will be
able to reach that page. There's not much there: basically
just a text box with a default pre-filled:

  [ v=spf1 ?all ]

Users can put in additional text and it will go into DNS.

Here's how it works:

  20040621-16:41:43 mengwong(_at_)dumbo:~% dnstxt pobox.com
  v=spf1 mx mx:fallback-relay.pobox.com a:smtp.pobox.com a:emerald.pobox.com redirect=%{l1r+}._at_.%{o}._spf.pobox.com

Note the "redirect" on the end there. That means lookups
for mengwong+foobar(_at_)pobox(_dot_)com will be rewritten as:

  20040621-16:41:45 mengwong(_at_)dumbo:~% dnstxt mengwong._at_.pobox.com._spf.pobox.com
  v=spf1 -all

(We have many domains, so for instance a lookup could be
mengwong._at_.rightbox.com._spf.pobox.com.)

The default *._spf.pobox.com is "v=spf1 ?all".

That zone is served using MyDNS. There's some caching so it
may take some time for new entries to appear, based on the
TTL and other factors.

Now, regarding messages disappearing, the specification
defines "neutral" as:

  Neutral (?): The SPF client MUST proceed as if a domain
  did not publish SPF data. This result occurs if the
  domain explicitly specifies a "?" value, or if
  processing "falls off the end" of the SPF record.

Receivers which reject or silently discard mail based on the
above result are in violation of the above "MUST" statement.

If you can tell me who's behaving out of spec, I'd be happy
to try to get in touch with them.

cheers
meng
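
The per-user lookup described in the message above, as an added example that is not part of the original post or pobox.com's own code: a small SPF macro expander applied to the redirect= modifier of the published record. The record and sender addresses are the ones quoted in the message; the function names are hypothetical, and only the s, l, o, d and h macro letters are handled.

```python
import re
from urllib.parse import quote

# Record and sender addresses are taken from the message above.
POBOX_RECORD = ("v=spf1 mx mx:fallback-relay.pobox.com a:smtp.pobox.com "
                "a:emerald.pobox.com redirect=%{l1r+}._at_.%{o}._spf.pobox.com")

# %{letter digits r delimiters}, or one of the literals %%, %_ and %-
_MACRO = re.compile(r"%(?:\{([A-Za-z])(\d*)([rR]?)([.\-+,/_=]*)\}|([%_-]))")


def expand_macros(spec, sender, helo="unknown", domain=None):
    """Expand SPF macros in spec for one envelope sender (subset: s l o d h)."""
    local, _, sender_domain = sender.rpartition("@")
    local = local or "postmaster"  # empty local-part defaults to postmaster
    values = {"s": local + "@" + sender_domain, "l": local, "o": sender_domain,
              "d": domain or sender_domain, "h": helo}

    def repl(m):
        letter, digits, rev, delims, literal = m.groups()
        if literal:
            return {"%": "%", "_": " ", "-": "%20"}[literal]
        if letter.lower() not in values:
            raise ValueError("macro letter not handled here: " + letter)
        # Split on the listed delimiters (default "."), optionally reverse,
        # keep the right-most N parts, and always re-join with dots.
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter.lower()])
        if rev:
            parts.reverse()
        if digits:
            if int(digits) == 0:
                raise ValueError("digit transformer must be non-zero")
            parts = parts[-int(digits):]
        out = ".".join(parts)
        # Upper-case macro letters request URL escaping of the expansion.
        return quote(out, safe="") if letter.isupper() else out

    return _MACRO.sub(repl, spec)


def redirect_target(record, sender):
    """Return the expanded redirect= domain of an SPF record, or None."""
    for term in record.split()[1:]:
        if term.lower().startswith("redirect="):
            return expand_macros(term.split("=", 1)[1], sender)
    return None


if __name__ == "__main__":
    for addr in ("mengwong+foobar@pobox.com", "mengwong@rightbox.com"):
        print(addr, "->", redirect_target(POBOX_RECORD, addr))
```

Because `%{l1r+}` splits the local-part on "+", reverses it and keeps the right-most piece, every "+detail" variant of an address resolves to the same per-user policy name.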