spf-discuss

Re: Re: HELO versus MAILFROM results

2005-05-04 15:18:24
Stuart D. Gathman wrote:
> On Wed, 4 May 2005, Radu Hociung wrote:
>
> > A forwarder such as mail.com uses its mail servers specifically to
> > relay ("forge", some might say) without changing the MAIL-FROM. So when
> > you send a message to happydog.com, which is a forwarded domain that uses
> > mail.com MX servers, it goes out through some other outgoing server that
> > belongs to mail.com.
> >
> > However, no happydog.com (as its MAIL-FROM) mail originates from those
> > servers. So in this case, what do you think is more likely that ...
>
> This makes no sense.  Relay type forwarding is something a mail receiver
> sets up.  It has no effect on publishing SPF records.  It does affect
> checking SPF records if the forwarder does not change MAIL-FROM.  But
> the sender has nothing to do with it.  Indeed they can't, because they
> don't know what, if any, forwards a destination domain might have set up.
>
> If you are talking about outsourced SMTP servers for outgoing mail, then yes,
> the SPF record for a sending domain should include mail.com if that is how
> they are sending mail.  With either '+', or '?', depending on whether mail.com
> protects against internal forgery.
>
> If you are talking about HELO SPF records, then it doesn't matter if the
> MAIL-FROM and HELO domains are different.  The MAIL-FROM and HELO domains are
> unrelated.  (Except for <> expanding to <postmaster@hello.domain>.)

Ok, the entity "mail.com Inc." owns some 100 (maybe more) domain names
that it offers free forwarding accounts at. A brief sampling is below:

cliffhanger.com
cutey.com
doglover.com
gardener.com
hot-shot.com
inorbit.com
loveable.com
mad.scientist.com
playful.com
poetic.com
... and 100 other names like these

To get an email address at one of these domains, you go to mail.com,
tell them the username you want, select your complimentary newsletters
and special offers, and tell them which real account to forward all the
mail to.

Then, you tell your friends that you are Roses@gardener.com, and have
mail.com send mail for roses@gardener.com forwarded to
ab299321@chicago.comcast.com (which is an eyesore of an email address,
but it's what you can get from your ISP)

So "mail.com Inc." forwards mail for roses@gardener.com to
ab299321@chicago.comcast.com

When you send your mail as "Roses@gardener.com", you have to use your
ISP, as mail.com does not provide you with relay services as well. This
is the case of many registrars that allow you to have any domain you
want forwarded to a real mailbox.

So the servers in the "mail.com Inc" building only receive mail
*destined for* Roses@gardener.com, but never send any mail *from* Roses.

When "mail.com Inc" connects to Comcast, it says "HELO
out45.us4.outblaze.com". It is then expected that it will deliver mail
from senderfriend@example.com to ab299321@chicago.comcast.com

So tell me, what SPF records go where and why, and what information can
the recipient assert based on the SPF records?

I think what you intend is the following:

gardener.com = v=spf1 +all

... Because mail.com has no idea where the various clients send from.

out45.us4.outblaze.com = v=spf1 -all

... because this server never sends mail as <> or *@out45.us4.outblaze.com

Radu.
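
An added example, not part of the original message: a minimal SPF evaluator showing what a receiver such as Comcast would compute for the HELO and MAIL FROM identities from the two records written out above. It supports only the `ip4` and `all` mechanisms; the example.com record, the host names smtp.isp.example and mx.example.com, and every IP address are constructed assumptions.

```python
import ipaddress

# Constructed zone data. The first two records are the ones written out in the
# message; the example.com record and all IP addresses are assumptions.
RECORDS = {
    "gardener.com": "v=spf1 +all",
    "out45.us4.outblaze.com": "v=spf1 -all",
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, records=RECORDS):
    """Evaluate one identity; this sketch supports only 'ip4' and 'all'."""
    record = records.get(domain.lower().rstrip("."))
    if record is None or record.split()[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = (term[1:] if term[0] in QUALIFIERS else term).lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanism outside this sketch's subset
    return "neutral"  # no mechanism matched


def evaluate(ip, helo, mail_from):
    """Return (HELO result, MAIL FROM result) for one SMTP connection."""
    # A null reverse-path "<>" is checked as postmaster@<HELO domain>.
    if mail_from in ("", "<>"):
        mail_from = "postmaster@" + helo
    return check_host(ip, helo), check_host(ip, mail_from.rsplit("@", 1)[1])


if __name__ == "__main__":
    forwarder = "198.51.100.45"  # assumed address of out45.us4.outblaze.com
    cases = {
        "forwarded mail": (forwarder, "out45.us4.outblaze.com", "senderfriend@example.com"),
        "forwarder bounce": (forwarder, "out45.us4.outblaze.com", "<>"),
        "Roses via her ISP": ("203.0.113.7", "smtp.isp.example", "Roses@gardener.com"),
        "example.com direct": ("192.0.2.10", "mx.example.com", "senderfriend@example.com"),
    }
    for name, args in cases.items():
        print(f"{name:20} HELO={evaluate(*args)[0]:5} MAILFROM={evaluate(*args)[1]}")
```

With these records every connecting address passes for gardener.com, so that result distinguishes nothing, while the forwarder's own connections fail the HELO check because `-all` matches its address too.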