A question for those who have spent a lot of time helping point solve
problems with SPF failures.
What are the most common failure cases for SPF? (Please indicate
which is the most common.)
For example:
* Legitimate email being rejected due to forwarding.
* Legitimate email being rejected due to being sent from the wrong
location. (aka the traveling mailman problem, or the roaming/home
user problem.)
* Legitimate email being rejected due to mailing lists not rewriting
the MAIL FROM address
* Legitimate email being rejected due to SPF records not containing
all IP addresses that they should
* Legitimate email being rejected due to SPF records having syntax
errors.
* Legitimate email being rejected due to SPF records being used for
PRA checking instead of MAIL FROM checking, or similar cases where
the SPF record is not being used as intended.
* Other cases
While it is fairly easy to detect when SPF is rejecting email, it is
much harder to distinguish between legitimate emails being rejected,
and when some spammer has forged email and the rejection is exactly
what we want.
Looking through the SPF-Help RT reports, it looks like the roaming
user problem is actually roaming user problem is the most frequent,
but I haven't studied the reports closely enough to be sure.
-wayne