
Re: [spf-discuss] mail users with multiple identities

2010-01-20 11:45:27
On Wed, 20 Jan 2010, Barry Say wrote:

> Officers of the ORGANISATION have addresses such as
> Chairman@organisation.org.uk. Some of the more adept officers have
> multiple identities on their mailers so that they can send mail as
> fred@isp.co.uk or Chairman@organisation.org.uk. They can pick up mail
> by IMAP or POP3 from the appropriate servers but their mail will go
> out via mail.isp.co.uk (or some similar service).
>
> So if I publish SPF records for ORGANISATION and fred sends a message
> using his chairman identity via mail.isp.co.uk, would that fail the
> SPF test?

Short answer: it's up to you - you determine that in your SPF record.

Long answer:  It is tempting to "punt", and add "?ptr:isp.co.uk" to the
SPF record for organisation.org.uk - just so that fred can send
mail from "Chairman@organisation.org.uk" via mail.isp.co.uk.  However,
that defeats the anti-forgery purpose of publishing an SPF record, as
anyone on isp.co.uk can now pretend to be Chairman@organisation.org.uk.

The much better solution is to provide an SMTP AUTH account for free 
on a mail server run by organisation.org.uk.  All email clients are 
easily configured to use SMTP AUTH.  You don't even have to write your
own step by step instructions for popular email clients - just crib them
from a university web site (or link to the uni site), and provide
a letter to your users with the data:

SMTP AUTH info for clients other than braindead Outlook

SMTP server:    mail.organisation.org.uk
Port:           587
TLS:            always
User:           chairman
Password:       hot air
Secure login:   no              (security provided by TLS)

Typical SMTP AUTH info for braindead M$ clients (no TLS support)

SMTP server:    mail.organisation.org.uk
Port:           465 (smtps)
Protocol:       SSL
User:           chairman
Password:       hot air
Secure login:   no              (security provided by smtps)

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
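
Added example, not part of the original message: a small evaluator for a subset of SPF (ip4, ptr and all only) that compares a record listing only the organisation's own server with one that also carries the "?ptr:isp.co.uk" term discussed above. The IP addresses, the reverse-DNS table and both record strings are constructed for illustration.

```python
import ipaddress

# Constructed reverse-DNS data (validated PTR names); IPs are documentation ranges.
PTR = {
    "192.0.2.10": "mail.organisation.org.uk",  # assumed address of the organisation's server
    "198.51.100.25": "mail.isp.co.uk",         # fred's ISP smarthost
    "198.51.100.77": "dsl-77.isp.co.uk",       # some other isp.co.uk customer
    "203.0.113.5": "host.elsewhere.example",   # unrelated host
}

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate ip4/ptr/all terms left to right; the first match decides."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            net = ipaddress.ip_network(arg, strict=False)
            matched = ipaddress.ip_address(client_ip) in net
        elif name == "ptr":
            host = PTR.get(client_ip, "")
            matched = host == arg or host.endswith("." + arg)
        else:
            raise ValueError("mechanism not handled in this sketch: " + term)
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # nothing matched

# Constructed records: own server only, versus the "punt" with ?ptr added.
STRICT = "v=spf1 ip4:192.0.2.10 -all"
PUNT = "v=spf1 ip4:192.0.2.10 ?ptr:isp.co.uk -all"

def compare(client_ip):
    """Return (result under STRICT, result under PUNT) for one sending IP."""
    return check_spf(STRICT, client_ip), check_spf(PUNT, client_ip)

if __name__ == "__main__":
    for ip, host in PTR.items():
        strict, punt = compare(ip)
        print(f"{host:26} strict={strict:8} punt={punt}")
```

Under the second record every isp.co.uk host, not only fred's smarthost, moves from fail to neutral, while the organisation's own server passes under both.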

