It's time I stopped just lurking and said something ...
Stuart D. Gathman writes:
There is no forwarding problem in SPF1.
It is true that to correctly check SPF, a receiver that includes forwarders as
part of their receiving MTA network must take this part of their network into
account.
There IS a forwarding problem with SPF1, and it has nothing to do with
forwarders as part of a receiving MTA network. It has to do with
forwarding to remote networks.
For example, I handle email for a bunch of small businesses, meaning
mail sent to addresses in their domains comes here, and I disperse it
to wherever they want it to go. If JaneDoe(_at_)aol(_dot_)com sends mail to one
of my users with mail forwarded to JohnBuck(_at_)BigIsp(_dot_)com, then unless I
do something special, BigIsp.com sees my little server trying to give
it mail with an aol.com MAILFROM. My server would flunk an SPF test
for legitimate senders of mail from aol.com. This is the SPF1
forwarding problem.
I get around it by using SRS, but SRS introduces edge-case problems of
its own. For example, I'm not sure this mail will make it to the
list. SRS will re-write the MAILFROM into an unsubscribed address, so
if the MAILFROM is what the list software checks you won't see this
until/unless I re-send it without SRS.
On a diffferent topic, does anyone know whether Microsoft's PRA check
will use spf2.0/mfrom records?
--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com
Gatekeeper, NetHeaven, Saratoga Springs, NY