
[spf-discuss] Re: Fixing Forwarding with RPF

2006-11-13 15:58:06
K.J. Petrie (Instabook) wrote:

There's no point doing a check when we know the result in advance.
That would be a waste of resources.

True.  An MTA behind a "traditional forwarder" could as well decree
FAIL on almost everything it gets - unless the forwarder also has
some ordinary mail outbound.  It could also decree PASS on almost
everything it gets if it trusts that the forwarder is otherwise a
good netizen.

As you say checking SPF behind the "border" (and assuming that the
MAIL FROM wasn't adjusted) makes no sense, it's a waste of time
and pointless.  Everywhere, secondary MX to primary MX is the most
straight "forward" scenario.

If the forwarder also sends ordinary mails it's tricky, these mails
could also be forged, zombie sending from within the network using
the normal MSA, but with forged Return-Paths.

Whitelisting a "traditional forwarder" is extremely dangerous.  For
starters the administration of this forwarder is obviously clueless
or spam-friendly.  Almost the same idea as open relays.

The problem is not your cheap ISP.  The real problem is your cheap
forwarder, ditch it.

Frank


-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/