spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] DomainDNS (DD) - new free DNS services that supports SPF

2005-09-01 16:10:49
from [Jasper Wallace] [Permanent Link] 
On Thu, 1 Sep 2005, Stuart D. Gathman wrote:


On Thu, 1 Sep 2005, Jasper Wallace wrote:


I noticed on the webhostingtalk.com thread that you offer email forwarding
for domains hosted with domaindns - do you support SRS (Sender Rewriting
Scheme) on emails you forward?

Without doing srs it's possible for domains that publish spf records that
end in -all to have emails falsely rejected, if they send an email to
someone who has their email forwarded to a destination that does strict spf
checking.


It is possible for screwed up mail receivers to falsely reject email
for all kinds of reasons.  SRS is just one tool that a mail receiver might
use to manage their forwarders.  It is not required.  All that is
required is to know who their forwarders are.  If they don't know,
then they can't (correctly) do strict spf checking.


Consider gmail.com - given the huge number of vanity domains that forward
mail to gmail, how can gmail tell which mail's are legitimate and being
forwarded, and which are spoofed?

The situation we have today (and will probably always have), is that
recipients will never be able to do strict spf checking, until they can be
fairly sure that the majority of forwarders re-write the return-path in some
way or another.

(gmail is why i'm setting up SRS at the moment, i've got an exists: tracking
mechanisim at the end of my spf record which lets me see who's doing spf
checking on email i send. I host a few mailing lists and a number of
subscribers forward their mail to gmail, i can use this to see which
forwarders don't do srs).


What is much more important that SRS in a forwarder for someone checking SPF
is that the forwarder also checks SPF.  It also helps if the forwarder
publishes SPF so that the recipient doesn't have to manually track
the IP addresses of their forwarder.


I agree that forwarders should also check spf, but if we can't rely on
forwarders doing srs, then we can't publish -all spf records.

--
[http://pointless.net/]                                   [0x2ECA0975]

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [spf-discuss] Re: Question on a unified policy record approach, Frank Ellermann
Next by Date:  Re: [spf-discuss] Re: Question on a unified policy record approach, Stuart D. Gathman
Previous by Thread:  Re: [spf-discuss] DomainDNS (DD) - new free DNS services that supports SPF, Stuart D. Gathman
Next by Thread:  Re: [spf-discuss] DomainDNS (DD) - new free DNS services that supports SPF, Stuart D. Gathman
Indexes:  [Date] [Thread] [Top] [All Lists]