On Wed, 7 Sep 2005, gaven(_at_)gavdogg(_dot_)net wrote:
So if I understand this correctly, domains which receive
their email through some sort of front runner, like an ETRN
service, want to be able to do SPF checks? The problem
would then be that the front runner would be delivering
messages which would fail SPF because the front runner is
not the originating domain's outbound server?
That is correct. Any SPF checking must be done on the "front runner"
(AKA gateway MTA). This is the number one configuration mistake
SPF checkers make.
NOTE, some software, like SpamAssasin, attempts to work from
behind a front runner by examining the Received header added
by the "front runner" to get the connecting IP. This is not recommended. It
is error prone, and even when it works, the data is stale.
However, I believe SpamAssassin simply includes the SPF result in
its spam score, and doesn't block mail based solely on SPF.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com