spf-discuss

Re: Recipient Rewriting Scheme

2005-08-17 16:52:59
On Wed, Aug 17, 2005 at 04:20:34PM -0400, Stuart D. Gathman wrote:

RRS=IHBf67rW=blockbuster.com=user@example.com

The hash signature prevents a spammer from sending mail with
arbitrary MAIL FROM to RRS=????????=spammer.com=user@example.com.
They have to know the secret to generate a valid RRS alias.

Now, when email arrives to that address, the SPF check is done against
blockbuster.com - even though the MAIL FROM says custhelp.com - and
the mail is delivered to user@example.com.  This is a much more controlled
workaround than accepting SPF FAIL for custhelp.com - which has a perfectly
good SPF record.

Just to make sure: you do not reject on SPF error, right?

For the archives: the reason I ask is that you do NOT want your
forwarder to have the mail bounce to the "sender" (thus: the victim).

Should the mail be rejected, the forwarding party cannot deliver
this message to example.com and if the forwarder didn't check SPF
itself (most still don't) it will bounce to what the spammer
used as sender address.

Alex
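
A sketch of the signed-alias check discussed in this message, as an added example that is not code from the thread or from any SPF implementation. The thread does not say how the hash is computed, so the truncated HMAC-SHA256, the secret, and the function names `make_alias` and `check_alias` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo secret (assumption); a real site keeps its own private key.
SECRET = b"constructed-demo-secret"


def _sig(spf_domain, rcpt, secret=SECRET):
    # Assumed construction: HMAC-SHA256 over "domain=recipient", URL-safe
    # base64, first 8 characters (48 bits). Truncation drops the "=" padding,
    # so the tag never collides with the "=" field separator.
    msg = f"{spf_domain.lower()}={rcpt.lower()}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)[:8].decode()


def make_alias(spf_domain, rcpt):
    """Build RRS=<sig>=<spf_domain>=<user>@<host> for a real recipient."""
    user, host = rcpt.rsplit("@", 1)
    return f"RRS={_sig(spf_domain, rcpt)}={spf_domain}={user}@{host}"


def check_alias(address):
    """Return (domain to run the SPF check against, real recipient),
    or None when the address is not a validly signed RRS alias."""
    local, _, host = address.rpartition("@")
    parts = local.split("=", 3)  # the user part may itself contain "="
    if len(parts) != 4 or parts[0] != "RRS":
        return None
    _, sig, domain, user = parts
    rcpt = f"{user}@{host}"
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(sig.encode(), _sig(domain, rcpt).encode()):
        return None
    return domain.lower(), rcpt


if __name__ == "__main__":
    alias = make_alias("blockbuster.com", "user@example.com")
    print(alias, "->", check_alias(alias))
    # An alias naming another domain without the secret is refused.
    print(check_alias("RRS=????????=spammer.com=user@example.com"))
```

The tag is case-sensitive, so this sketch assumes the receiving MTA preserves the case of the local part.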

