On Thu, 10 Mar 2005 16:05:53 -0500 (EST), Stuart D. Gathman
<stuart(_at_)bmsi(_dot_)com> wrote:
I need a web page to give out to "greeting-card" sites (in our case,
tracking notification email) as to how to handle MAIL FROM. Obviously
forging arbitrary domains is not ideal - and in fact results in SPF FAIL.
I can't send them to http://spf.pobox.com/webgenerated.html any more,
because that only tells them how to be senderID compliant (which is
much more complicated than SPF compliance).
I think you need to go back and look at
http://spf.pobox.com/webgenerated.html again. What is actually
addressed is SPF compliance.
While it mentions SID, both of the approaches indicated (Egreetings
and Evite) address SPF but may break under SID in some circumstances
(for example when someone chooses to apply SID to v=spf1 records).
I can tell them to use their own domain for MAIL FROM and chuck
any DSNs, or to use SRS so that DSNs can be reflected to the user
that initiated the email without using a database. But a nice looking web
page with specific instructions would be nice.
I think it would be foolish on the part of a company to simply chuck
the DSN without indicating to their customer that the email didn't get
delivered. You do not necessarily need a database to deal with this.
While we are trying to get back our SPF web site after being politically
hacked by Microsoft, does anyone have advice for making webgenerated email
SPF compatible? I can write something up, but am not skilled at making
it "pretty".
I'm still confused. In what sense are the two approaches indicated not
compatible with SPF? If memory serves, this page was originally
created before Sender-ID (back when it was simply SPF and Caller-ID as
two seperate proposals). The mention of SID was added later but prior
to the decision (by some) to apply SID to SPF1 records.
Mike.0