On Thu, 2005-07-07 at 10:33 -0400, Stuart D. Gathman wrote:
I don't know where they'll be forwarding mail from -- my only option
would be to force all of them to continually maintain a list of IP
addresses for their own whitelist, which would be a large technical
challenge for me and a time-consuming ongoing task for them.
You do have to force them to maintain a list. But it doesn't have
to be IP addresses. They only need to list forwarder domains. Use SPF
to translate the domains to IP addresses. Even if the forwarder
doesn't publish SPF, a "best guess" record will usually work. And
you can provide a local substitute.
You're right -- I don't _have_ to get them to provide IP addresses; I
could try to map the domains to IP addresses myself.
But that would be a complicated and error-prone task, and not one which
I consider feasible for me to undertake. Even if the forwarding domain
publishes SPF for its own outgoing mail, that SPF record doesn't
necessarily match the hosts which will be used for forwarding. I'd
basically be pulling lists of IP addresses out of my wossname.
If users were to want SPF checking, then my choice would be to have them
provide the IP addresses for themselves. That way, they have only
themselves to blame -- I know perfectly well would only get it wrong
with whatever fuzzy heuristics I might use, and I certainly would not
have the time or inclination to check each day for changes at each
domain.
--
dwmw2