I've received 2 complaints from customers whose web-host provider seems to
be incorrectly forwarding e-mails from these customer's domains, and our SPF
record is causing them to fail. I realize that getting the web-hosting
provider to change their ways because of something that we, (the ISP)
implemented that wasn't mandatory is probably a long shot, but...
Shouldn't the (proper) thing to correct these type issues be to cause the
forwarder to implement SRS, and not have us (as the ISP whose e-mail address
is being attempted to be incorrectly forwarded) to have to add that MX into
our SPF record?
My thoughts are that adding the improperly forwarding MX's IP Address into
our SPF record opens us back up (although only via that additional MX) to
spoofing of our domain.
I'm a relative newbie to SPF, so if I'm wrong, be gentle. :-)
Sincerely,
Mike
-----Original Message-----
From: owner-spf-help@v2.listbox.com [mailto:owner-spf-help@v2.listbox.com]
On Behalf Of Koen Martens
Sent: Monday, August 30, 2004 5:10 PM
To: spf-help@v2.listbox.com
Subject: Re: [spf-help] forwarding accounts
On Mon, Aug 30, 2004 at 07:47:07PM +0100, Peter Saunders wrote:
> > Tell me if I understand this correctly: the hosting company forwards
> > mail received for bat17.co.uk, your isp's incoming mx'es receive this
> > mail and check spf. The received mail fails spf for domains that have
> > published spf records.
> >
> > If this is correct, there's only two options:
> >
> > - Have the forwarder implement SRS
> > - Have the receiving MX whitelist the forwarder's outgoing mail servers
> >
> Spot on :-)
Great :)
> 2 questions, what is SRS and is an MX?
>
> My hosting company does let me set up an SPF text which I tried doing
> with its default setting but that did not seem to help.
>
> I assume that MX is my ISP, I have been onto their support but it is a
> holiday weekend here so I will not hear from them until tommorow I
> expect.
SRS stands for Sender Rewriting Scheme. It rewrites MAIL FROM adresses
at the forwarders server such that they appear to be from their hosts.
This is something the forwarder should implement.
An MX is a term from the Domain Name Server (DNS) terminology, it is
used to designate for a domain what the receiving mail server(s)
is(are).
So it seems you can not do a thing: SRS is something your forwarder
should implement. Whitelisting at the MX (receiving mail server)
SRS stands for Sender Rewriting Scheme. It rewrites MAIL FROM adresses
at the forwarders server such that they appear to be from their hosts.
This is something the forwarder should implement.
An MX is a term from the Domain Name Server (DNS) terminology, it is
used to designate for a domain what the receiving mail server(s)
is(are).
So it seems you can only wait for either the hosting company to
implement SRS or the ISP to whitelist the forwarder (I think the latter
is more likely than the former).
Koen
Koen
--
K.F.J. Martens, Sonologic,
http://www.sonologic.nl/ Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key:
http://www.metro.cx/pubkey-gmc.asc Wondering about the funny attachment your mail program
can't read? Visit
http://www.openpgp.org/ -------
Archives at
http://archives.listbox.com/spf-help/current/ Donate!
http://spf.pobox.com/donations.html To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com -------
Archives at
http://archives.listbox.com/spf-help/current/ Donate!
http://spf.pobox.com/donations.html To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com