Mailing List Archive

Per Jessen wrote:
> This list does not seem very active, but I'll try it anyway -

You would be better off asking your question on [spf-help] and you will
probably get a quicker response.

> we are an email filtering service so we "sit" in between our customer
> and people that want to send them email. (we obviously use MX
> redirection).

Are you handling all of your clients mail? Or are there other routes to
the customers mail server that would not travel through your filtering
service?

> The customers mailserver is smart hosted by a provider, nothing unusual
> about it. The question is - is it _right_ to plainly reject the email
> from "adjoli.de" when the spf evaluation says "Neutral" ?

No this is not correct. But this action would indicate that the
customers server is running some sort of filtering of its own which i
would think completely unnecessary if your filtering service is running
effectively.

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com

Graham Beneke wrote:

> Per Jessen wrote:
>> This list does not seem very active, but I'll try it anyway -
>
> You would be better off asking your question on [spf-help] and you
> will probably get a quicker response.

Thanks Graham - I didn't know that one.

>> we are an email filtering service so we "sit" in between our customer
>> and people that want to send them email. (we obviously use MX
>> redirection).
>
> Are you handling all of your clients mail? Or are there other routes
> to the customers mail server that would not travel through your
> filtering service?

No, we will be handling all of the customers email.

>> The customers mailserver is smart hosted by a provider, nothing
>> unusual about it. The question is - is it _right_ to plainly reject
>> the email from "adjoli.de" when the spf evaluation says "Neutral" ?
>
> No this is not correct. But this action would indicate that the
> customers server is running some sort of filtering of its own which i
> would think completely unnecessary if your filtering service is
> running effectively.

I completely agree, but I have very little influence on it. The
customers mailserver is hosted <somewhere>, and these are the guys
doing the SPF-check. We've suggested to the customer that they ask
their hoster to switch off the SPF-check for the domains in question,
but who knows - maybe they're unable to switch it off on a per-domain
basis.

Anyway, thanks for confirming my thinking. It's the first time I've
come across a provider doing rejects when the SPF evaluation was
neutral ...


/Per Jessen, Zürich

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Per Jessen wrote:
> we are an email filtering service so we "sit" in between our customer
> and people that want to send them email. (we obviously use MX
> redirection).
>
> We have a situation where "adjoli.de" wants to send a perfectly legit
> newsletter to my customer, but is being rejected by the customer
> mail-server due to our servers not being listed by the SPF record
> for "adjoli.de":
>
> "v=spf1 ip4:194.29.239.0/28 ?all"
>
> The customers mailserver is smart hosted by a provider, nothing unusual
> about it. The question is - is it _right_ to plainly reject the email
> from "adjoli.de" when the spf evaluation says "Neutral" ?

Two solutions:

A. Either you rewrite the envelope sender for all mail you forward to them
to a different domain -- one that belongs to _you_. E.g.: you receive
a message with MAIL FROM:<user@adjoli.de> for your customer. When you
forward it to your customer, instead of repeating the MAIL FROM:<user@
adjoli.de>, you say something like MAIL FROM:<user+adjoli.de@spamchek.
ch>. (In fact, this is a bit more complicated if you want it to be
secure -- see SRS AKA Sender Rewriting Scheme[1,2].)

B. Or your customer exempts mail forwarded to them by you from their SPF
checks. If they choose to do that, it would be good if _you_ then did
the SPF checks for them (don't know whether you already do).

References:
1. http://www.openspf.org/SRS
2. http://www.libsrs2.org/srs/srs.pdf

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGb6NOwL7PKlBZWjsRAk6fAJ99YSUhiwxmUxexLXQ/IuHO4l5aGQCg7Nmc
j0ZqKL39RXuZSql/xmIBnKg=
=q7Ms
-----END PGP SIGNATURE-----

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com

Julian Mehnle wrote:

> B. Or your customer exempts mail forwarded to them by you from their
> SPF checks. If they choose to do that, it would be good if _you_
> then did the SPF checks for them (don't know whether you already do).

Yeah, we already do the SPF checking - we just accept a "Neutral"
result.


/Per Jessen, Zürich


--
http://www.spamchek.com/ - your spam is our business

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com

On Wed, 13 Jun 2007 08:48:52 +0200 Per Jessen <per@computer.org> wrote:
>This list does not seem very active, but I'll try it anyway -
>
>we are an email filtering service so we "sit" in between our customer
>and people that want to send them email. (we obviously use MX
>redirection).
>
>We have a situation where "adjoli.de" wants to send a perfectly legit
>newsletter to my customer, but is being rejected by the customer
>mail-server due to our servers not being listed by the SPF record
>for "adjoli.de":
>
>"v=spf1 ip4:194.29.239.0/28 ?all"
>
>The customers mailserver is smart hosted by a provider, nothing unusual
>about it. The question is - is it _right_ to plainly reject the email
>from "adjoli.de" when the spf evaluation says "Neutral" ?
>
RFC 4408 is very clear on this. Neutral MUST be treated the same as None,
so unless they are also rejecting mail from domains with no SPF record
(this would not be likely at all), what they are doing is clearly NOT right.

Julian is correct about they two general solutions for this kind of problem.

Scott K

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com