On 20-Jan-10, at 11:21 AM, Barry Say wrote:
Hi All,
I am new to this list having just been bitten by an SPF rejection
problem on a mail list I run.
Background. I am responsible for two hosting accounts on
blackfoot.co.uk who are a domain hosting company (no broadband or
dial up) on account is PERSONAL and the other I administer on behalf
of an ORGANISATION. Blackfoot is rolling out SPF checking for
incoming mail and this is installed on the ORGANISATION server but
not on the PERSONAL server. I intend to publish SPF records for my
domains but there is a point I would like clarified before I do
something really stupid.
--------------------------------
Officers of the ORGANISATION have addresses such as Chairman(_at_)organisation(_dot_)org(_dot_)uk
. Some of the more adept officers have multiple identities on on
their mailers so that they can send mail as fred(_at_)isp(_dot_)co(_dot_)uk or Chairman(_at_)organisation(_dot_)org(_dot_)uk
. They can pick up mail by IMAP or POP3 from the appropriate servers
but their mail will go out via mail.isp.co.uk (or some similar
service).
So if I publish SPF records for ORGANISATION and fred sends a
message using his chairman identity via mail.isp.co.uk, would that
fail the SPF test?
I hope that makes sense
Barry
<RANT>
I wish people would STOP OBFUSCATING DOMIAN NAMES. We can't help you
properly when you do that!
Trying to hide information that is for all intents and purposes PUBLIC
INFORMATION only serves to frustrate the people who are trying to help
you.
</RANT>
Now to the question at hand, it depends! (Of course, if we knew what
'organisation.org.uk' and 'isp.co.uk' really were we could probably
provide a more concise answer.)
If both 'organisation.org.uk' and 'isp.co.uk' use the same outgoing
mail server(s) then they can publish the same SPF policy and this is a
non-issue.
If 'organisation.org.uk' and 'isp.co.uk' use different outgoing mail
servers then you have basically two choices.
Choice 1: (easier solution)
Publish SPF policies for each domain that cover the IP address ranges
of all outgoing servers for both 'organisation.org.uk' and 'isp.co.uk'
Choice 1: (can be complicated)
Set up client mail applications to only send mail from the appropriate
mail server for each domain. So, if mail gets sent with the return
adress from 'Chairman(_at_)organisation(_dot_)org(_dot_)uk' it will only be relayed
through the server(s) that handle mail for 'organisation.org.uk'. and
then do the same for mail originating from '@isp.co.uk'.
--
Gino Cerullo
Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6
416-247-7740
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com