Have you tried (as a test) to change your SPF to allow mail to come from
their domain as well just to see what happens?
-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Dennis Duval
Sent: Tuesday, September 28, 2004 12:48 PM
To: spf-help@v2.listbox.com
Subject: [SPF-FAIL] - Re: [spf-help] SPF problem with a recipient who is
forwarding mail - Sender is probably forged (SPF Softfail)
spf2@kitterman.com wrote:
>> -----Original Message-----
>> From: owner-spf-help@v2.listbox.com
>> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Dennis Duval
>> Sent: Monday, September 27, 2004 11:49 AM
>> To: spf-help@v2.listbox.com
>> Subject: [spf-help] SPF problem with a recipient who is forwarding
>> mail
>>
>>
>> I've had a simple SPF record published for the domain seacove.net for
>> about a year, with no problems or complaints. Seacove.net sends out
>> about 30,000 to 50,000 emails per day without any SPF rejections that
>> I'm aware of, until one problem recently manifested itself. The SPF
>> and MX records for seacove.net are as follows:
>>
>> seacove.net IN MX 20 mail.seacove.net.
>> seacove.net. IN TXT "v=spf1 mx -all"
>>
>> I have a client who is sending mail to an email address at
>> computerclinik.com. The owner of that domain has all mail set to
>> forward to his personal email at megapathdsl.net
>>
>> However, megapath rejects that forward based on SPF and sends an
>> email notice back to the originating sender at seacove.net.
>>
>> According to the tech support at megapathdsl.net, the mail arrives at
>> their mailserver indicating that it is 'from' seacove.net, but the
>> connection is acutally coming from one of several IP addresses
>> belonging to Critical Path. (cp.net).
>>
>> The mailserver for computerclinik.com per its MX is
>> inbound.computerclinik.com.criticalpath.net which accepts the mail
>> from seacove.net without complaint.
>>
>> The owner of the domain computerclinik.com insists that everyone in
>> the world is able to send to him and the mail forwards to his
>> megapathdsl.net account without problem. I have searched and
>> searched in vain for some reason that seacove.net should be singled
>> out by megapath's SPF checker, but cannot find one. I can easily
>> understand why their SPF checker rejects the mail from seacove.net
>> based on the information below, but I can't understand why forwarding
>> is being accepted from others with SPF records.
>>
>
> Since SPF is so new, you may be the first person with an SPF record
> defined that:
>
> 1. Tried to send them e-mail.
> 2. Bothered to follow-up when it went through.
>
> There really isn't much you can do directly. Since the domain owner
> is forwarding to an SPF aware MTA, they REALLY need to understand the
> implications of this. There are two ways to solve this:
>
> 1. Forwarder implements SRS. I checked and criticalpath.net doesn't
> even publish and SPF record yet, so I wouldn't expect them to be up on
> SRS either.
>
Thanks for the info and comments, Scott.
The domain owner says he has tested his mail forwarding with mail sent
from the following domains:
rocketmail.com, mindspring.com, symantec.com, microsoft.com, aol.com,
bbnm.enewsjournal.net, hp.com, cox.net, firetrust.com, zianet.com,
apc.com, avus.com,charter.net, myrealbox.com
Many of these have published SPF records, notably aol.com. Could it be
possible that megapathdsl.net is giving an SPF free pass to aol.com and
the other 'big guys'? If so, it totally defeats the whole system, and
ulitmately leaves small ISP's like seacove.net to deal with the
customers of companies like critical path who could really care less
about SPF or how well their forwarding works.
Dennis Duval
-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
--------------------------------------------------------------------------------
This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
The views or context in this message may not reflect the view or context of the company.
--------------------------------------------------------------------------------
-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
their domain as well just to see what happens?
-----Original Message-----
From: owner-spf-help@v2.listbox.com
[mailto:owner-spf-help@v2.listbox.com] On Behalf Of Dennis Duval
Sent: Tuesday, September 28, 2004 12:48 PM
To: spf-help@v2.listbox.com
Subject: [SPF-FAIL] - Re: [spf-help] SPF problem with a recipient who is
forwarding mail - Sender is probably forged (SPF Softfail)
spf2@kitterman.com wrote:
>> -----Original Message-----
>> From: owner-spf-help@v2.listbox.com
>> [mailto:owner-spf-help@v2.listbox.com]On Behalf Of Dennis Duval
>> Sent: Monday, September 27, 2004 11:49 AM
>> To: spf-help@v2.listbox.com
>> Subject: [spf-help] SPF problem with a recipient who is forwarding
>>
>>
>> I've had a simple SPF record published for the domain seacove.net for
>> about a year, with no problems or complaints. Seacove.net sends out
>> about 30,000 to 50,000 emails per day without any SPF rejections that
>> I'm aware of, until one problem recently manifested itself. The SPF
>> and MX records for seacove.net are as follows:
>>
>> seacove.net IN MX 20 mail.seacove.net.
>> seacove.net. IN TXT "v=spf1 mx -all"
>>
>> I have a client who is sending mail to an email address at
>> computerclinik.com. The owner of that domain has all mail set to
>> forward to his personal email at megapathdsl.net
>>
>> However, megapath rejects that forward based on SPF and sends an
>> email notice back to the originating sender at seacove.net.
>>
>> According to the tech support at megapathdsl.net, the mail arrives at
>> their mailserver indicating that it is 'from' seacove.net, but the
>> connection is acutally coming from one of several IP addresses
>> belonging to Critical Path. (cp.net).
>>
>> The mailserver for computerclinik.com per its MX is
>> inbound.computerclinik.com.criticalpath.net which accepts the mail
>> from seacove.net without complaint.
>>
>> The owner of the domain computerclinik.com insists that everyone in
>> the world is able to send to him and the mail forwards to his
>> megapathdsl.net account without problem. I have searched and
>> searched in vain for some reason that seacove.net should be singled
>> out by megapath's SPF checker, but cannot find one. I can easily
>> understand why their SPF checker rejects the mail from seacove.net
>> based on the information below, but I can't understand why forwarding
>> is being accepted from others with SPF records.
>>
>
> Since SPF is so new, you may be the first person with an SPF record
> defined that:
>
> 1. Tried to send them e-mail.
> 2. Bothered to follow-up when it went through.
>
> There really isn't much you can do directly. Since the domain owner
> is forwarding to an SPF aware MTA, they REALLY need to understand the
> implications of this. There are two ways to solve this:
>
> 1. Forwarder implements SRS. I checked and criticalpath.net doesn't
> even publish and SPF record yet, so I wouldn't expect them to be up on
> SRS either.
>
Thanks for the info and comments, Scott.
The domain owner says he has tested his mail forwarding with mail sent
from the following domains:
rocketmail.com, mindspring.com, symantec.com, microsoft.com, aol.com,
bbnm.enewsjournal.net, hp.com, cox.net, firetrust.com, zianet.com,
apc.com, avus.com,charter.net, myrealbox.com
Many of these have published SPF records, notably aol.com. Could it be
possible that megapathdsl.net is giving an SPF free pass to aol.com and
the other 'big guys'? If so, it totally defeats the whole system, and
ulitmately leaves small ISP's like seacove.net to deal with the
customers of companies like critical path who could really care less
about SPF or how well their forwarding works.
Dennis Duval
-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
--------------------------------------------------------------------------------
This email is intended only for the named recipents. All email is monitored and archived for compliance requirements.
The views or context in this message may not reflect the view or context of the company.
--------------------------------------------------------------------------------
-------
Archives at http://archives.listbox.com/spf-help/current/
Donate! http://spf.pobox.com/donations.html
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com