RPF (Receiver Policy Framework) is a proposal to use SPF like records to
communicate receiver policy from a domain owner to a 3rd party mail store (imap
or pop service). It is directly useful when the envelope RCPT TO given to the
mail store is the domain with a Receiver Policy. It is not directly
applicable for mail providers that use their own domain (e.g. gmail.com).

The idea is that the 3rd party mail store checks SPF on all
incoming mail - modified according to a "v=rpf1" record which is
checked first. RPF records are evaluated just like SPF, using the
MAIL FROM domain for evaluation, not the RCPT TO domain used to fetch
the RPF record. An RPF pass means to accept the message and SKIP SPF checking.
RPF neutral means to check SPF normally. RPF fail means to REJECT the message
without checking SPF. Softfail means to check SPF, but generate some
kind of warning feedback to the domain owner suitable for debugging should
the SPF result be FAIL or SOFTFAIL.

Although RPF records represent internal policy, using DNS records is much
easier to program for the 3rd party mail store than, for example, a web app
to support similar configuration options. The key point is that the
3rd party mail store and their customers are separate administrative entities.

For these examples, "example.com" is a small domain using a 3rd party
mail store.

Example 1: non-SRS forwarders targeting example.com

A forwarder forwards example@forwarder.com to user@example.com, but
does not rewrite the sender (forging the sender domain). The forwarder
sends outgoing mail from 1.2.3.4.
To tell the mail store to accept the forwarded mail without SPF checks:

  example.com TXT "v=rpf1 ip4:1.2.3.4"

Example 2: use DNS blacklist

Example.com wants the mail store to use a DNS IP blacklist:

  example.com TXT "v=rpf1 -exists:%{ir}.someblacklist.com"

Example 3: local domain blacklist

Example.com maintains a list of domains they wish to reject all mail
from in DNS.

  example.com TXT "v=rpf1 -exists:%{d}.blacklist.example.com"

Example 4: disable SPF

Example.com does not wish to do any SPF checking for whatever reason.

  example.com TXT "v=rpf1 +all"

Example 5: forwarder debugging

Example.com wants to whitelist a known forwarder, and be notified of any
forwarders they may have missed.

  example.com TXT "v=rpf1 ip4:1.2.3.4 ~all"

Example 6: 3rd party spam filter

Example.com needs to tell the mail store that incoming mail first
goes through a 3rd party spam filter (the MX records for example.com
point to the spam filter, not to the mail store). Mail from any other source
should be rejected.

  example.com TXT "v=rpf1 A:out.spamsoap.com -all"

--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
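
The decision procedure described in the post, written out as an added example (not code from the original message or from any SPF implementation). It evaluates only the ip4 and all mechanisms, which need no DNS and do not depend on the MAIL FROM domain; the function names, the check_spf callable, and the treatment of a missing RPF record as "check SPF normally" are assumptions.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def eval_rpf(record, client_ip):
    """Evaluate the ip4/all subset of a v=rpf1 record, SPF-style.

    Returns None when the TXT string is not an RPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=rpf1":
        return None
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier, as in SPF
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            matched = True
        elif name.lower() == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:                                # exists:, a:, ... need DNS lookups
            raise ValueError("mechanism needs DNS, not handled here: " + name)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched, as in SPF

def mail_store_decision(rpf_result, check_spf):
    """Return (action, spf_result, notify_owner) for one incoming message.

    check_spf is a hypothetical callable running the store's normal SPF check."""
    if rpf_result == "pass":
        return ("accept", None, False)       # accept and skip SPF
    if rpf_result == "fail":
        return ("reject", None, False)       # reject without checking SPF
    # neutral, softfail, or no RPF record (assumption): check SPF normally
    spf = check_spf()
    # softfail: warn the domain owner only if SPF then fails or softfails
    notify = rpf_result == "softfail" and spf in ("fail", "softfail")
    return ("apply-spf", spf, notify)
```

With the Example 5 record, mail from the listed forwarder at 1.2.3.4 is accepted without an SPF check, while mail from any other address goes through SPF and triggers feedback to the domain owner only if SPF returns fail or softfail.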