On Wed, 18 Aug 2004, Ralf Doeblitz wrote:
--On Dienstag, August 17, 2004 08:50:19 -0400 Anthony DePinto
<anthony(_at_)idmi(_dot_)net> wrote:
With the .name domains, all you can purchase/control is
firstname(_at_)firstname(_dot_)lastname(_dot_)name(_dot_) The e-mail
forward for
firstname(_at_)lastname(_dot_)name is controlled by the registrar itself so
it
doesn't touch our servers at first. If I send an e-mail from
anthony(_at_)idmi(_dot_)net, which is my address and we run SPF, to
firstname(_at_)lastname(_dot_)name it first goes to the registrar's mail
server
which forwards it AS anthony(_at_)idmi(_dot_)net to
firstname(_at_)firstname(_dot_)lastname(_dot_)name so we reject it because
the foreign
mail server is trying to send mail as myself. Convoluted, so I hope
that made more sense.
Just whitelist the registrar's mailserver on your system, so that SPF
checks will not be applied to mail that is forwarded by the registrar.
*He* is not doing the SPF checks. The party with the .name domain that
he is trying to send mail to does SPF checks. However, all .name
emails are forwarded by the registrar in a manner unfriendly to
SPF. So yes, SPF filters ought to automatically whitelist .name
registrars somehow - but they don't do that now.
The real solution is for .name registrars to make their forwarding
SPF compatible. The obvious solution is return path rewriting (SRS),
with perhaps some optimizations for SES. I wonder if the .name
registrars even check SPF themselves?
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.