My college alumni association provides an email forwarding service: any
alumnus can get a <user>@alum.mit.edu address that forwards to their
real email service. However, they don't provide a mail submission
service -- you still have to send your mail out through whatever SMTP
server you would normally use.
How is this supposed to work with SPF? The answers in the FAQ all seem
to be about services like pobox.com, which also provide submission
services. There's no way for MIT to list all the possible mail servers
that will send out mail from <user>@alum.mit.edu. I guess this means
they'll have to leave the domain unprotected, which means that spammers
are free to forge alum.mit.edu addresses.
The FAQ says that SPF is intended to protect the envelope sender, not
the From: address. However, AFAICT, my MUA (Mac OS X 10.3.5 Mail)
doesn't provide any way to specify the envelope sender; it has one
place to specify the Email Address for a mail account, and it uses this
as both the envelope sender and the From: address. You can specify a
different username to be used with SMTP authentication, but this is
just a username, not an address (it shows up in a comment in the
Received: line that the SMTP server adds). So do we need all the MUA
implementations to provide this additional setting?
I apologize if this has been discussed before. It wasn't answered
adequately in the FAQ, and there doesn't seem to be a search facility
for the list archive.
Barry Margolin <barmar(_at_)alum(_dot_)mit(_dot_)edu>
Arlington, MA