Mailing List Archive

Forwarding-Question
Hello there,

we use a SPF-Record since a few years on our domain.
Now we wanted to send a message to an address on another domain, which
forwards emails to an address in a third domain.
The eMail was rejected because the second domain used the original
"envelope-from" and the MX of the third domain rejected that, because
the eMail was not sent over the servers specified in our SPF-Record.

Is the only way to solve this to force all hosters all over the world to
implement SRS?

Rgds.
Dieter Guthmann


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Forwarding-Question [ In reply to ]
Dieter Guthmann wrote:
> Is the only way to solve this to force all hosters all over the world to
> implement SRS?

Only those that are acting as forwarders would need to implement SRS or
some form of sender rewriting. Mail forwarders would run in to SPF
problems when delivering mail from any domain with an SPF record, not
just yours. If they want to continue to forward mail successfully, they
need to get their heads out of the sand.

If this is a very specific case where you want to send messages to
domainB which forwards to domainC, you could ask domainC to skip SPF
checking for domainB's hosts, or you could include domainB's hosts in
your domain's SPF record. Obviously, these solutions don't scale well,
and I would only recommend them if this is how your domain normally
sends mail.

Andrew


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Forwarding-Question [ In reply to ]
all forwarders should do SRS
additionally all receivers should provide a method for users to whitelist all their non-srs forwarders

as they will never disappear entirely {as many products like for example exchange do not do srs {or even any form of sender-id compliant forwarding} despite encouraging users to use it for filtering their incoming mail}

the receiver whitelisting is also much less complex {assuming the forwarder checks spf before receiving the original}

unfortunately few big receivers offer such an option {though always a good way to encourage users to pick a better end-point for all their various email sources}


At 14:50 30/03/2010 Tuesday, Andrew Culver wrote:
>Dieter Guthmann wrote:
>> Is the only way to solve this to force all hosters all over the world to
>> implement SRS?
>
>Only those that are acting as forwarders would need to implement SRS or
>some form of sender rewriting. Mail forwarders would run in to SPF
>problems when delivering mail from any domain with an SPF record, not
>just yours. If they want to continue to forward mail successfully, they
>need to get their heads out of the sand.
>
>If this is a very specific case where you want to send messages to
>domainB which forwards to domainC, you could ask domainC to skip SPF
>checking for domainB's hosts, or you could include domainB's hosts in
>your domain's SPF record. Obviously, these solutions don't scale well,
>and I would only recommend them if this is how your domain normally
>sends mail.
>
>Andrew
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Forwarding-Question [ In reply to ]
On 30/Mar/10 19:53, alan wrote:
> all forwarders should do SRS

All forwarders should be SPF-aware... SRS is just one way. For
example, a forwarder who doesn't care about DSNs can just set a blank
MFROM.

> additionally all receivers should provide a method for users to whitelist all their non-srs forwarders

Very much agreed. However, that implies a method to get a list of
those forwarders, e.g. that described in http://fixforwarding.org/.



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com