Actually I need to know the IP addresses of the outgoing email servers for
the forwarding sites. The users don't have this information and they don't
know who has, and we certainly don't have time to keep it up to date even
if we could obtain it.
_You_ have this information to a great extent already.
It is right there in your mail server logs. You just need
to know which domains to sort out.
How do I tell the difference between forged email and a configuration
change? What about rarely-used forwarding addresses? What about new
forwarding addresses? Have you tried to get useful co-operation from tens
of thousands of users who don't care much about email?
My point is that nobody has properly thought through how to deploy SPF on
anything other than toy domains in such a way that it can safely reject
email.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
CAPE WRATH TO RATTRAY HEAD INCLUDING ORKNEY: NORTHWEST TO NORTH 5 GRADUALLY
DECREASING 3 OR 4. OCCASIONAL SHOWERS. MODERATE OR GOOD SEA STATE: MODERATE
DECREASING SLIGHT.