---- Message from mailto:<johnp(_at_)idimo(_dot_)com johnp
<johnp(_at_)idimo(_dot_)com> at 23-Sep-2005 10:42:32 ------
I know it is *my* boundary (actually it is not my boundary but the boundary
of a customer using our software over which we have no control). We cannot
guarantee that the AV provider will do it and the customer may not have the
option of using a different AV provider. It is clearly in the AV providers
interest to do it and I'm sure many will but all may not.
A good RFC will provide a solution to this or at least advice.
Does the outsourced AV server check SPF? Does it do SRS? Either of these will
enable you
to check you incoming mail as if it is forwarded from the AV server - which is
effectively
what is happening.
No. The fundamental assumption here is that the AV gateway is AV only and is
not SPF\SRS aware in anyway. Hence the first point we are able to check SPF is
after the AV gateway.
This is a real world problem for one of our customers who has just started
using SPF in out product. He has AV outsourced but wishes to check SPF himself.
I am trying to find a technical solution to the problem to include in the
product. The only one I have thought of so far is to check the Received headers
in the message when teh message arrives at the first SPF aware server and use
the IP address in the Received header. This would work as long as you trust the
Received headers and they are well formed. It is not nice though.
A second (non-technical) solution would be to adjust MX records. Most
outsourced AV is done by MX records being changed to point to the AV gateway
which then forwards to the real mail server. You could introduce an additional
SPF gateway before the AV gateway simply to do SPF and change the MX records to
point to it but this is not really a good solution.
Simon
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com