spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [spf-discuss] SPF and gateways

2005-09-23 01:52:24
from [Simon Tyler] [Permanent Link] 

---- Message from mailto:<johnp(_at_)idimo(_dot_)com johnp 
<johnp(_at_)idimo(_dot_)com> at 23-Sep-2005 10:42:32 ------ 




I know it is *my* boundary (actually it is not my boundary but the boundary 
of a customer using our software over which we have no control). We cannot 
guarantee that the AV provider will do it and the customer may not have the 
option of using a different AV provider. It is clearly in the AV providers 
interest to do it and I'm sure many will but all may not.  
  
A good RFC will provide a solution to this or at least advice. 


Does the outsourced AV server check SPF? Does it do SRS? Either of these will 
enable you 
to check you incoming mail as if it is forwarded from the AV server - which is 
effectively 
what is happening. 
  
No. The fundamental assumption here is that the AV gateway is AV only and is 
not SPF\SRS aware in anyway. Hence the first point we are able to check SPF is 
after the AV gateway.  
  
This is a real world problem for one of our customers who has just started 
using SPF in out product. He has AV outsourced but wishes to check SPF himself. 
I am trying to find a technical solution to the problem to include in the 
product. The only one I have thought of so far is to check the Received headers 
in the message when teh message arrives at the first SPF aware server and use 
the IP address in the Received header. This would work as long as you trust the 
Received headers and they are well formed. It is not nice though. 
  
A second (non-technical) solution would be to adjust MX records. Most 
outsourced AV is done by MX records being changed to point to the AV gateway 
which then forwards to the real mail server. You could introduce an additional 
SPF gateway before the AV gateway simply to do SPF and change the MX records to 
point to it but this is not really a good solution. 
  
Simon

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [spf-discuss] SPF and gateways, johnp
Next by Date:  Re: [spf-discuss] SPF and gateways, johnp
Previous by Thread:  Re: [spf-discuss] SPF and gateways, johnp
Next by Thread:  Re: [spf-discuss] SPF and gateways, johnp
Indexes:  [Date] [Thread] [Top] [All Lists]