Mailing List Archive

External mail servers
My email SMTP server is hosted externally.

I have been advised by the openspf.org wizard that the MTA should have
an SPF record.

I have asked the service provider to publish an SPF record but they
reply that:-

QUOTE
It is very rare that a mail receiver client will perform SPF lookups on
anything other than the MX relays of the email sender domain (MAIL
FROM/HELO domain). Most mail receivers will use SPF amongst many other
checks to determine a final action for the mail, however some will
decide to REJECT the mail based solely on the SPF results.

Using your domain as an example, since the SPF check for
mortgage-advice-centre.co.uk (when sent via mail1.ukisp.com) will PASS,
further checks will be unnecessary and just a waste of bandwidth.

According to RFC4408, Section 9, Subsection 9.5,

"The (SPF) authorization check generally precludes the use of arbitrary
MTA relays between sender and receiver of an E-Mail message."

"To perform the authorization test other than at the border,
the host that first transferred the message to the organization must
be determined, which can be difficult to extract from the message
header. Testing other than at the border is not recommended."

You will notice that most organisations will not have an SPF record
published for their domain's MX relays. For example, google.com:

dig mx google.com

[snip google records]

As no mail is generated as being FROM mail4.ukisp.com, the requirement
for an SPF record is negligible. Backscatter in this instance is not a
problem as no valid recipients at mail4.ukisp.com will exist, therefore
be accepted.
UNQUOTE

My question - are they correct?

If they are correct, why is there not more accurate guidance at
openspf.org?

If they are not correct, what is the follow-up that I should send to
repudiate their response and why is this topic not covered in the
openspf.org FAQs?




--
Best regards
Harvey Coward

Slough Mortgage Centre - In your best interest. ®

Mortgages & Loans. Conveyancing. Debt Management.
Life, Critical Illness, Income Protection, Buildings & Contents Insurance.

Abbey House, 18-24 Stoke Road, Slough SL2 5AG
Tel: 01753 516567


E-mail communications are not secure, for this reason Slough Mortgage Centre
Ltd cannot guarantee the security of the e-mail or its contents or that it
remains virus free once sent.

This e-mail message is strictly confidential and intended solely for the person
or organisation to whom it is addressed. It may contain privileged and
confidential information and if you are not the intended recipient, you must
not copy, distribute or take any action in reference to it. If you have
received this e-mail in error, please notify us as soon as possible and delete
the message from your system.

Slough Mortgage Centre Limited. Registered Office "Willsgrove", 10 The Chimes,
Dean Close, High Wycombe, HP12 3HR. Registered in England, number 04460564.
Consumer Credit Licence 570377. Slough Mortgage Centre Limited is an appointed
representative of Modus Mortgage Network which is authorised and regulated by
the Financial Services Authority.


-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
Re: External mail servers
I have two additional questions that this message has triggered:
1) Why aren't Disposition-Notification-To headers removed?
2) Why doesn't jeeves.archives.listbox.com have an SPF record?

Harvey Coward wrote:
> My email SMTP server is hosted externally.
>
> I have been advised by the openspf.org wizard that the MTA should have
> an SPF record.

That serves a twofold purpose: protecting the corresponding email
addresses, and having a valid helo name for bounces (or any message
sent without a MAILFROM.)

> I have asked the service provider to publish an SPF record but they
> reply that:-
>
> QUOTE
> [...]
> As no mail is generated as being FROM mail4.ukisp.com, the requirement
> for an SPF record is negligible. Backscatter in this instance is not a
> problem as no valid recipients at mail4.ukisp.com will exist, therefore
> be accepted.
> UNQUOTE

That addresses the protection purpose.

> My question - are they correct?

Yes, in part. They should also state that no bounces (or any message
without a MAILFROM) are ever sent from that host. I think they have
turned out backscatter for any message that will result to be
undeliverable after having been accepted by mail4.ukisp.com from
external sources, but it may be a good idea to ask for more details.

As a marginal case, a check could be missed from internal sources.
What happens to undeliverable messages that you send? If you write to
unexisting-user@existing-domain, your message may make its way to
mail4 and only there be found to be undeliverable. In that case, a
bounce would be generated with a helo name that misses an SPF record,
thereby producing an output of "none" if the internal receiver runs
SPF checking against its MX, or your client might discard it on a
similar basis.

> If they are correct, why is there not more accurate guidance at
> openspf.org?

That point has never been accurately worked out. The FAQs barely
mention it in http://www.openspf.org/FAQ/The_demon_question
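
The bounce case described in this reply, as an added example that is not part of the original thread: under RFC 4408 section 2.2 a message with an empty MAIL FROM is checked against postmaster@ the HELO name, so the result depends on whether the HELO host itself publishes a record. The TXT records and 192.0.2.x addresses below are constructed for illustration (not the domains' real records), and the evaluator is a sketch that handles only `ip4` and `all`.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_domain(helo, mail_from):
    """Domain whose record the MAIL FROM check consults (RFC 4408, 2.2)."""
    if mail_from:                          # ordinary message
        return mail_from.rsplit("@", 1)[1].lower()
    return helo.lower()                    # bounce: postmaster@<HELO name>

def check_host(ip, domain, txt_records):
    """Sketch evaluator: supports ip4: and all only."""
    record = next((r for r in txt_records.get(domain, [])
                   if r.split()[:1] == ["v=spf1"]), None)
    if record is None:
        return "none"                      # no SPF record published
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        q, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        if mech == "all":
            return QUALIFIERS[q]
        if mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[q]
        else:
            return "permerror"             # mechanism outside this sketch
    return "neutral"                       # nothing matched and no "all"

def evaluate(ip, helo, mail_from, txt_records):
    domain = spf_domain(helo, mail_from)
    return domain, check_host(ip, domain, txt_records)

# Constructed records: only the sender domain publishes SPF.
TXT = {"mortgage-advice-centre.co.uk": ["v=spf1 ip4:192.0.2.1 -all"]}
# Same, plus a record for the relay's own HELO name.
TXT_WITH_HELO = dict(TXT, **{"mail4.ukisp.com": ["v=spf1 ip4:192.0.2.4 -all"]})

if __name__ == "__main__":
    print(evaluate("192.0.2.1", "mail1.ukisp.com",
                   "user@mortgage-advice-centre.co.uk", TXT))
    print(evaluate("192.0.2.4", "mail4.ukisp.com", "", TXT))
    print(evaluate("192.0.2.4", "mail4.ukisp.com", "", TXT_WITH_HELO))
    print(evaluate("192.0.2.99", "mail4.ukisp.com", "", TXT_WITH_HELO))
```
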



Re: External mail servers
Thanks Alessandro,

(I've removed the MDN request from this message!)


In message <4A48E8CC.60700@tana.it>, Alessandro Vesely <vesely@tana.it>
writes
[]
>
>Yes, in part. They should also state that no bounces (or any message
>without a MAILFROM) are ever sent from that host. I think they have
>turned out backscatter for any message that will result to be
>undeliverable after having been accepted by mail4.ukisp.com from
>external sources, but it may be a good idea to ask for more details.
>
I have informed them of your comments.

As an aside, even if they didn't "need" an SPF record, would there be
any resource or other implications for them if they had an unnecessary
SPF record?

>As a marginal case, a check could be missed from internal sources. What
>happens to undeliverable messages that you send? If you write to
>unexisting-user@existing-domain, your message may make its way to mail4
>and only there be found to be undeliverable. In that case, a bounce
>would be generated with a helo name that misses an SPF record, thereby
>producing an output of "none" if the internal receiver runs SPF
>checking against its MX, or your client might discard it on a similar basis.
>
A "none" output is pretty benign isn't it?

I tried sending a message to kjahwbbceffhjvcbihevh@googlemail.com (I
chanced that there is no such address) and got the bouncer back.


--
Best regards
Harvey Coward
