On Tue, 13 Mar 2007, John A. Martin wrote:
Scott> On Monday 12 March 2007 18:52, John A. Martin wrote:
>> Would someone please explain precisely what is meant at
>> <http://www.openspf.org/Best_Practices/Forwarding> by the
>> following and perhaps provide an illustrative example?
>>
>> If your implementation allows it, also check SPF for a
>> "pretend" MAIL FROM that your forwarder could use. This
>> verifies that the forwarded mail really came from your trusted
>> forwarder.
Suppose MyForwarder is your alias forwarder. They do not use SRS.
However, they *do* control their own myforwarder.com domain (where your
forwarded address resides) with an SPF record. So, when you get mail, the MAIL
FROM will be
MAIL FROM: <joe(_at_)randomdomain(_dot_)com>
*But*, before check SPF for randomdomain.com, you check SPF as if the
MAIL FROM was:
MAIL FROM: <postmaster(_at_)myforwarder(_dot_)com>
instead.
If that gets a pass, then you know the mail was forwarded (and SPF checking
on the actual MAIL FROM is useless).
If myforwarder.com doesn't actually have an SPF record, then some
SPF libraries (e.g. pyspf) will allow you to supply a substitute that
you figure out and maintain yourself.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735