On Wed, 7 Sep 2005, gaven(_at_)gavdogg(_dot_)net wrote:
If a domain has its mail sent out by another domain,
wouldn't the "include" parameter of an SPF record negate the
need for SRS?
Yes it would.
For example, if "domaina.com" routes outbound mail to
"isp.com" and has an SPF record of "include:isp.com -all"
would that not pass the SPF test when "isp.com" attempts to
deliver "domaina.com"'s messages assuming "isp.com" has a
valid SPF record?
Yes it would. That is the purpose of include.
However, people talking about "forwarding
breaks SPF" are talking about receiver forwarding - where
the recipient MTA accepts the mail, changes RCPT TO to
a new address, then sends it to the new destination without
changing MAIL FROM. This works fine with SPF - PROVIDED the
next recipient is configured to skip SPF checking on
mail from the forwarding MTA. Such whitelisting of forwarders
is a requirement for doing strick SPF checking as a recipient.
However, a few recipients are misconfigured and reject mail that
they shouldn't. Because of them, "forwarding breaks SPF".
Even for such broken MTAs, you can simply extract the
real email address from the DSN and resend.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com