Per Jessen wrote:
In essence you have two options, either send directly to the
"new" address as indicated in the bounce, or risk to use an
unprotected MAIL FROM address. The latter is dangerous if
the spammers somehow find and abuse it.
Unprotected as in "without SPF record"? Which would produce
a SOFT FAIL or something on the final destination end?
No record results in NONE. A policy only enumerating the IPs
for a PASS leaving anything else (?all) as NEUTRAL should have
a very similar effect in your scenario.
SOFTFAIL (~all) is another beast, a kind of semi-protection
for tests, and it can be worse than a clear FAIL: If the 2nd
hop in your case notes a Received-SPF result "SOFTFAIL", and
that finally arrives in a "suspicious mail" folder of the user,
then this user might delete it without further checks.
You already know that this user isn't aware of his problem with
SPF and FAIL, so I think it can only get worse with a SOFTFAIL:
With a FAIL you got the bounce and can do something about it.
And you know that it's SPF and your policy resulting in a FAIL
if checked behind the border. With a SOFTFAIL your mail could
vanish unnoticed in a black hole not under your control.
Frank
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735