Dan Field wrote:
then we get back into the old argument of the sender does
not know (And may not care) that his message was sent via
a forwarder... he just wants it to be delivered.
Hi, senders with a FAIL policy do care, they want their mail
rejected (not delivered) in this case. Don't worry too much,
it's no chess.
If you accept FAIL _and_ tag it as "suspicious" the result
could be wrong, if users delete all "tagged" mails. You
should never see any "unwanted" FAIL, because:
0 - if the forwarder uses a sender rewriting scheme there
won't be a FAIL, dito from mailing lists.
1 - if the sender policy is wrong it's not your problem,
just reject, the sender will fix it
2 - if it was really spam and you reject it that's fine
3 - if it was from a "trusted forwarder" you screwed up,
you're not supposed to check SPF from trusted sources
like your own secondary MXs, or a forwarding arranged
by one of your users.
Some say the forwarder is wrong, other disagree...
The user is wrong, and he pays for the right to be wrong ;-)
The most dangerous course is to tag FAIL instead of reject
without educating your users. Reject is never wrong, any
legit sender would then try the direct route to your user
bypassing the forwarder.
Bye, Frank
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com