Mailing List Archive

Is my hosting company forwarding email properly?
My domain is example.com. I have support@example.com
set to forward my messages to davidmarcus@alum.mit.edu (which in turn
forwards to david.marcus.phd@rcn.com). DNS has

example.com. 14400 IN TXT "v=spf1 +a +mx -all"

I sent an email from davidmarcus@alum.mit.edu to
support@example.com. See below. Are the headers correct for spf?

David

Return-Path: <davidmarcus@alum.mit.edu>
Received: from mr18.lnh.mail.rcn.net (EHLO mr18.lnh.mail.rcn.net)
([207.172.157.38])
by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
with ESMTP id ATP22327;
Thu, 28 Oct 2010 17:23:42 -0400 (EDT)
Received: from mx09.lnh.mail.rcn.net (mx09.lnh.mail.rcn.net [207.172.157.59])
by mr18.lnh.mail.rcn.net (MOS 4.1.9-GA)
with ESMTP id BVQ54291;
Thu, 28 Oct 2010 17:23:42 -0400
Received: from alum-mailsec-relay-4.mit.edu ([18.7.68.24])
by mx09.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 17:23:41 -0400
Received: from alum-mailsec-scanner-1.mit.edu
(ALUM-MAILSEC-SCANNER-1.MIT.EDU [18.7.68.12])
by alum-mailsec-relay-4.mit.edu (8.13.8/8.12.8) with ESMTP id o9SLLBlj024993
for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct 2010 17:23:40 -0400
X-AuditID: 1207440c-b7be1ae000007e9d-da-4cc9e9dc9c57
Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with
SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400 (EDT)
Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
by virgo.dns-shield.com (Postfix) with ESMTP id CDB3422C3E1
for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
X-No-Auth: unauthenticated sender
Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
by virgo.dns-shield.com (Postfix) with ESMTP id B867222C3D8
for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
Received: by virgo.dns-shield.com (Postfix, from userid 110)
id AD89322C3F9; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
X-Original-To: support@example.com
Delivered-To: support@example.com
Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
by virgo.dns-shield.com (Postfix) with ESMTP id 9785A22C3E1
for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
by virgo.dns-shield.com (Postfix) with ESMTP id 7EE8822C3D8
for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33])
by virgo.dns-shield.com (Postfix) with ESMTP
for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
Received: from David-PC.alum.mit.edu
(209-6-42-72.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com [209.6.42.72])
(authenticated bits=0)
(User authenticated as davidmarcus@ALUM.MIT.EDU)
outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id o9SLNcW0019029
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400
Message-Id: <201010282123.o9SLNcW0019029@outgoing-alum.mit.edu>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Thu, 28 Oct 2010 17:23:38 -0400
To: support@example.com
From: David Marcus <davidmarcus@alum.mit.edu>
Subject: Hi
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: OK
X-Virus-Scanned: OK
X-Brightmail-Tracker: AAAAAhZ9ApcWfcXe

Hi.

David



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101028195130:48738E3A-E2EE-11DF-ABDC-D258EA0A6D4C
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
ok first off the question is flawed

if you have address's setup to forward inbound mail to you, it is your duty as a receiver to either
A NOT check any mail from your forwarder-provider for SPF
B better to check only the pre-forwarder ip against the senders spf record

as obviously it will be from whoever the original sender was (and their SPF will not list your forwarder as that would be INSANE)

you as the owner/subscriber/user of the forwarder have this duty alone, if your server lacks the facility to whitelist ips from spf checks then either dont use it or the forwarder
-------------------------
additional, some forwarders (not yours in example given) do get around this requirement by using SRS
SRS == sender rewriting system

ie sender sends mail from sender@original to forwarder
forwarder sends mail to you with altered from of sender+original@forwarders-domain
thus mail arriving always passes SPF as its using an envelope of xxx@forwarders-domain

this is at best a hack to get round badly setup receiving software,
one that works well and should be offererd (optionally) by all forwarders,
but if used makes SPF checking any mail from the forwarder entirely pointless as it will always pass and you never see the original sender

thus forcing you to effectively take option A and making option B impossible
----------------




At 00:51 29/10/2010 Friday, David Marcus wrote:
>My domain is example.com. I have support@example.com set to forward my messages to davidmarcus@alum.mit.edu (which in turn forwards to david.marcus.phd@rcn.com). DNS has
>
>example.com. 14400 IN TXT "v=spf1 +a +mx -all"
>
>I sent an email from davidmarcus@alum.mit.edu to support@example.com. See below. Are the headers correct for spf?
>
>David
>
>Return-Path: <davidmarcus@alum.mit.edu>
>Received: from mr18.lnh.mail.rcn.net (EHLO mr18.lnh.mail.rcn.net) ([207.172.157.38])
> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
> with ESMTP id ATP22327;
> Thu, 28 Oct 2010 17:23:42 -0400 (EDT)
>Received: from mx09.lnh.mail.rcn.net (mx09.lnh.mail.rcn.net [207.172.157.59])
> by mr18.lnh.mail.rcn.net (MOS 4.1.9-GA)
> with ESMTP id BVQ54291;
> Thu, 28 Oct 2010 17:23:42 -0400
>Received: from alum-mailsec-relay-4.mit.edu ([18.7.68.24])
> by mx09.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 17:23:41 -0400
>Received: from alum-mailsec-scanner-1.mit.edu (ALUM-MAILSEC-SCANNER-1.MIT.EDU [18.7.68.12])
> by alum-mailsec-relay-4.mit.edu (8.13.8/8.12.8) with ESMTP id o9SLLBlj024993
> for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct 2010 17:23:40 -0400
>X-AuditID: 1207440c-b7be1ae000007e9d-da-4cc9e9dc9c57
>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
> by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400 (EDT)
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id CDB3422C3E1
> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>X-No-Auth: unauthenticated sender
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id B867222C3D8
> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>Received: by virgo.dns-shield.com (Postfix, from userid 110)
> id AD89322C3F9; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>X-Original-To: support@example.com
>Delivered-To: support@example.com
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 9785A22C3E1
> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 7EE8822C3D8
> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33])
> by virgo.dns-shield.com (Postfix) with ESMTP
> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>Received: from David-PC.alum.mit.edu (209-6-42-72.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com [209.6.42.72])
> (authenticated bits=0)
> (User authenticated as davidmarcus@ALUM.MIT.EDU)
> outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id o9SLNcW0019029
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400
>Message-Id: <201010282123.o9SLNcW0019029@outgoing-alum.mit.edu>
>X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
>Date: Thu, 28 Oct 2010 17:23:38 -0400
>To: support@example.com
>From: David Marcus <davidmarcus@alum.mit.edu>
>Subject: Hi
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"; format=flowed
>X-Virus-Scanned: OK
>X-Virus-Scanned: OK
>X-Brightmail-Tracker: AAAAAhZ9ApcWfcXe
>
>Hi.
>
>David
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028195130:48738E3A-E2EE-11DF-ABDC-D258EA0A6D4C
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101028201521:9CF9C30E-E2F1-11DF-9791-B07A631276BD
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
I'm sorry, but I don't understand your answer. In particular, I don't
know who "your... as a receiver" refers to.

I moved my domain to a hosting company. I created the email address
"support@example.com" (using the Plesk control panel) and set
it to forward the emails to me. I read somewhere about spf. I checked
the DNS records and see that my hosting company has set up an spf
record for my domain. My question is, is the setup correct? If not,
what needs to be changed? I don't know if the hosting company's mail
servers check spf nor whether alum.mit.edu or rcn.com are checking
spf. I could ask one or all three, if necessary, but first I'd like
to know if things are correct, and if not, what is wrong.

David

>ok first off the question is flawed
>
>if you have address's setup to forward inbound mail to you, it is
>your duty as a receiver to either
>A NOT check any mail from your forwarder-provider for SPF
>B better to check only the pre-forwarder ip against the senders spf record
>
>as obviously it will be from whoever the original sender was (and
>their SPF will not list your forwarder as that would be INSANE)
>
>you as the owner/subscriber/user of the forwarder have this duty
>alone, if your server lacks the facility to whitelist ips from spf
>checks then either dont use it or the forwarder
>-------------------------
>additional, some forwarders (not yours in example given) do get
>around this requirement by using SRS
>SRS == sender rewriting system
>
>ie sender sends mail from sender@original to forwarder
>forwarder sends mail to you with altered from of
>sender+original@forwarders-domain
>thus mail arriving always passes SPF as its using an envelope of
>xxx@forwarders-domain
>
>this is at best a hack to get round badly setup receiving software,
>one that works well and should be offererd (optionally) by all forwarders,
>but if used makes SPF checking any mail from the forwarder entirely
>pointless as it will always pass and you never see the original sender
>
>thus forcing you to effectively take option A and making option B impossible
>----------------
>
>
>
>
>At 00:51 29/10/2010 Friday, David Marcus wrote:
> >My domain is example.com. I have support@example.com
> set to forward my messages to davidmarcus@alum.mit.edu (which in
> turn forwards to david.marcus.phd@rcn.com). DNS has
> >
> >example.com. 14400 IN TXT "v=spf1 +a +mx -all"
> >
> >I sent an email from davidmarcus@alum.mit.edu to
> support@example.com. See below. Are the headers correct for spf?
> >
> >David
> >
> >Return-Path: <davidmarcus@alum.mit.edu>
> >Received: from mr18.lnh.mail.rcn.net (EHLO mr18.lnh.mail.rcn.net)
> ([207.172.157.38])
> > by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
> > with ESMTP id ATP22327;
> > Thu, 28 Oct 2010 17:23:42 -0400 (EDT)
> >Received: from mx09.lnh.mail.rcn.net (mx09.lnh.mail.rcn.net
> [207.172.157.59])
> > by mr18.lnh.mail.rcn.net (MOS 4.1.9-GA)
> > with ESMTP id BVQ54291;
> > Thu, 28 Oct 2010 17:23:42 -0400
> >Received: from alum-mailsec-relay-4.mit.edu ([18.7.68.24])
> > by mx09.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 17:23:41 -0400
> >Received: from alum-mailsec-scanner-1.mit.edu
> (ALUM-MAILSEC-SCANNER-1.MIT.EDU [18.7.68.12])
> > by alum-mailsec-relay-4.mit.edu (8.13.8/8.12.8) with ESMTP
> id o9SLLBlj024993
> > for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct 2010
> 17:23:40 -0400
> >X-AuditID: 1207440c-b7be1ae000007e9d-da-4cc9e9dc9c57
> >Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
> > by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail
> Gateway) with SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010
> 17:23:40 -0400 (EDT)
> >Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> > by virgo.dns-shield.com (Postfix) with ESMTP id CDB3422C3E1
> > for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39
> -0400 (EDT)
> >X-No-Auth: unauthenticated sender
> >Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> > by virgo.dns-shield.com (Postfix) with ESMTP id B867222C3D8
> > for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39
> -0400 (EDT)
> >Received: by virgo.dns-shield.com (Postfix, from userid 110)
> > id AD89322C3F9; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
> >X-Original-To: support@example.com
> >Delivered-To: support@example.com
> >Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> > by virgo.dns-shield.com (Postfix) with ESMTP id 9785A22C3E1
> > for <support@example.com>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> > by virgo.dns-shield.com (Postfix) with ESMTP id 7EE8822C3D8
> > for <support@example.com>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33])
> > by virgo.dns-shield.com (Postfix) with ESMTP
> > for <support@example.com>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >Received: from David-PC.alum.mit.edu
> (209-6-42-72.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com [209.6.42.72])
> > (authenticated bits=0)
> > (User authenticated as davidmarcus@ALUM.MIT.EDU)
> > outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id o9SLNcW0019029
> > (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
> > for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400
> >Message-Id: <201010282123.o9SLNcW0019029@outgoing-alum.mit.edu>
> >X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
> >Date: Thu, 28 Oct 2010 17:23:38 -0400
> >To: support@example.com
> >From: David Marcus <davidmarcus@alum.mit.edu>
> >Subject: Hi
> >Mime-Version: 1.0
> >Content-Type: text/plain; charset="us-ascii"; format=flowed
> >X-Virus-Scanned: OK
> >X-Virus-Scanned: OK
> >X-Brightmail-Tracker: AAAAAhZ9ApcWfcXe
> >
> >Hi.
> >
> >David
> >
> >
> >
> >-------------------------------------------
> >Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
> >
> >Archives: https://www.listbox.com/member/archive/1020/=now
> >RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
> >Modify Your Subscription: https://www.listbox.com/member/?&
> >Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&&post_id=20101028195130:48738E3A-E2EE-11DF-ABDC-D258EA0A6D4C
> >Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/
>[http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>Modify Your Subscription:
>https://www.listbox.com/member/?&
>Unsubscribe Now:
>https://www.listbox.com/unsubscribe/?&&post_id=20101028201521:9CF9C30E-E2F1-11DF-9791-B07A631276BD
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101028203650:9D2AD798-E2F4-11DF-B4F0-F7F511A2F01B
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
At 01:36 29/10/2010 Friday, David Marcus wrote:
>I'm sorry, but I don't understand your answer.

Im sorry I tried to be clear

> In particular, I don't know who "your... as a receiver" refers to.

you as the ultimate recipient of the mail
(or if you dont control the final receiving mail server, ie if your final receiving address is hosted elsewhere or rented from a 3rd party, they 'on your behalf', usually written as you)

same as if i said 'you need to buy X' i don't actually mean you have to you can also send your wife/secretary or any other agent acting on your behalf

>I moved my domain to a hosting company. I created the email address "support@example.com" (using the Plesk control panel) and set it to forward the emails to me. I read somewhere about spf. I checked the DNS records and see that my hosting company has set up an spf record for my domain. My question is, is the setup correct? If not, what needs to be changed? I don't know if the hosting company's mail servers check spf nor whether alum.mit.edu or rcn.com are checking spf. I could ask one or all three, if necessary, but first I'd like to know if things are correct, and if not, what is wrong.

SPF is used by receivers to check the legitimacy of senders

so your either interested in the use of it as a receiver to check mail from others
(your forwarding arrangements being relevant)

or your interested in knowing about the spf setup of whatever address/servers you send from
(in which case you need to include details of what address you send from, and what servers/ip's you send via, and remove all mention of anything confusing like forwarders or incomming messages from the question)

if you are not enquiring about how it pertains to your reception of email from others, then simply remove all reference to your forwarding and reception arrangements.

and include instead how you send mail, then we (the readers) might be able to quess that you are talking about SPF in the context of how you send mail


in case you are talking about outgoing mail, as no details have been given the details available are only based on this mail you just sent so any analysis will be incomplete

but looking at your headers

(Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33]) by
b-lb-mx-sd.listbox.com (Postfix) with ESMTP id 7EF75281B for
<spf-help@listbox.com>; Thu, 28 Oct 2010 20:36:46 -0400 (EDT)
Received: from David-PC.alum.mit.edu)

tells me your mail comes from a server that helo/ehlo's as

outgoing-alum.mit.edu which currently has no SPF record
(it should have "v=spf1 ip4:18.7.68.33 -all" based on the assumption it has only one ip address)

you send from davidmarcus@alum.mit.edu

the domain has an spf record of
"v=spf1 ip4:18.7.7.0/24 ip4:18.7.21.0/24 ip4:18.72.0.0/16 ip4:18.92.0.171/32 ip4:18.7.68.0/24 ~all"

this spf record does include the above mailserver (along with 66300 others???)
so i do suspect your sending domains spf policy might be larger than entirely necessary, but this mail did pass the SPF policy for your domain

one obvious improvement would be to remove the text '/32' form the above as its redundant



>David
>
>>ok first off the question is flawed
>>
>>if you have address's setup to forward inbound mail to you, it is your duty as a receiver to either
>>A NOT check any mail from your forwarder-provider for SPF
>>B better to check only the pre-forwarder ip against the senders spf record
>>
>>as obviously it will be from whoever the original sender was (and their SPF will not list your forwarder as that would be INSANE)
>>
>>you as the owner/subscriber/user of the forwarder have this duty alone, if your server lacks the facility to whitelist ips from spf checks then either dont use it or the forwarder
>>-------------------------
>>additional, some forwarders (not yours in example given) do get around this requirement by using SRS
>>SRS == sender rewriting system
>>
>>ie sender sends mail from sender@original to forwarder
>>forwarder sends mail to you with altered from of sender+original@forwarders-domain
>>thus mail arriving always passes SPF as its using an envelope of xxx@forwarders-domain
>>
>>this is at best a hack to get round badly setup receiving software,
>>one that works well and should be offererd (optionally) by all forwarders,
>>but if used makes SPF checking any mail from the forwarder entirely pointless as it will always pass and you never see the original sender
>>
>>thus forcing you to effectively take option A and making option B impossible
>>----------------
>>
>>
>>
>>
>>At 00:51 29/10/2010 Friday, David Marcus wrote:
>>>My domain is example.com. I have support@example.com set to forward my messages to davidmarcus@alum.mit.edu (which in turn forwards to david.marcus.phd@rcn.com). DNS has
>>>
>>>example.com. 14400 IN TXT "v=spf1 +a +mx -all"
>>>
>>>I sent an email from davidmarcus@alum.mit.edu to support@example.com. See below. Are the headers correct for spf?
>>>
>>>David
>>>
>>>Return-Path: <davidmarcus@alum.mit.edu>
>>>Received: from mr18.lnh.mail.rcn.net (EHLO mr18.lnh.mail.rcn.net) ([207.172.157.38])
>>> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
>>> with ESMTP id ATP22327;
>>> Thu, 28 Oct 2010 17:23:42 -0400 (EDT)
>>>Received: from mx09.lnh.mail.rcn.net (mx09.lnh.mail.rcn.net [207.172.157.59])
>>> by mr18.lnh.mail.rcn.net (MOS 4.1.9-GA)
>>> with ESMTP id BVQ54291;
>>> Thu, 28 Oct 2010 17:23:42 -0400
>>>Received: from alum-mailsec-relay-4.mit.edu ([18.7.68.24])
>>> by mx09.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 17:23:41 -0400
>>>Received: from alum-mailsec-scanner-1.mit.edu (ALUM-MAILSEC-SCANNER-1.MIT.EDU [18.7.68.12])
>>> by alum-mailsec-relay-4.mit.edu (8.13.8/8.12.8) with ESMTP id o9SLLBlj024993
>>> for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct 2010 17:23:40 -0400
>>>X-AuditID: 1207440c-b7be1ae000007e9d-da-4cc9e9dc9c57
>>>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
>>> by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400 (EDT)
>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>> by virgo.dns-shield.com (Postfix) with ESMTP id CDB3422C3E1
>>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>X-No-Auth: unauthenticated sender
>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>> by virgo.dns-shield.com (Postfix) with ESMTP id B867222C3D8
>>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>Received: by virgo.dns-shield.com (Postfix, from userid 110)
>>> id AD89322C3F9; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>X-Original-To: support@example.com
>>>Delivered-To: support@example.com
>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>> by virgo.dns-shield.com (Postfix) with ESMTP id 9785A22C3E1
>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>> by virgo.dns-shield.com (Postfix) with ESMTP id 7EE8822C3D8
>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33])
>>> by virgo.dns-shield.com (Postfix) with ESMTP
>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>Received: from David-PC.alum.mit.edu (209-6-42-72.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com [209.6.42.72])
>>> (authenticated bits=0)
>>> (User authenticated as davidmarcus@ALUM.MIT.EDU)
>>> outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id o9SLNcW0019029
>>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400
>>>Message-Id: <201010282123.o9SLNcW0019029@outgoing-alum.mit.edu>
>>>X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
>>>Date: Thu, 28 Oct 2010 17:23:38 -0400
>>>To: support@example.com
>>>From: David Marcus <davidmarcus@alum.mit.edu>
>>>Subject: Hi
>>>Mime-Version: 1.0
>>>Content-Type: text/plain; charset="us-ascii"; format=flowed
>>>X-Virus-Scanned: OK
>>>X-Virus-Scanned: OK
>>>X-Brightmail-Tracker: AAAAAhZ9ApcWfcXe
>>>
>>>Hi.
>>>
>>>David
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028195130:48738E3A-E2EE-11DF-ABDC-D258EA0A6D4C
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>>Modify Your Subscription: https://www.listbox.com/member/?&
>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028201521:9CF9C30E-E2F1-11DF-9791-B07A631276BD
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028203650:9D2AD798-E2F4-11DF-B4F0-F7F511A2F01B
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101028212854:E3ADA96E-E2FB-11DF-BA7B-0351631276BD
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
I'll rephrase the question. I own example.com. The address
"support@example.com" receives mail from lots of people. The
mail server at example.com forwards the mail to an email
address at alum.mit.edu, which then forwards it to an address at
rcn.com. Is spf for example.com relevant for mail forwarded by
example.com? I.e., might alum.mit.edu or rcn.com check the spf
for example.com?

David

P.S. While MIT's spf records are interesting, my only connection with
MIT is that I got my Ph.D. there, so I'll let the MIT IT folks worry
about their email system.

>At 01:36 29/10/2010 Friday, David Marcus wrote:
> >I'm sorry, but I don't understand your answer.
>
>Im sorry I tried to be clear
>
> > In particular, I don't know who "your... as a receiver" refers to.
>
>you as the ultimate recipient of the mail
>(or if you dont control the final receiving mail server, ie if your
>final receiving address is hosted elsewhere or rented from a 3rd
>party, they 'on your behalf', usually written as you)
>
>same as if i said 'you need to buy X' i don't actually mean you have
>to you can also send your wife/secretary or any other agent acting
>on your behalf
>
> >I moved my domain to a hosting company. I created the email
> address "support@example.com" (using the Plesk control
> panel) and set it to forward the emails to me. I read somewhere
> about spf. I checked the DNS records and see that my hosting
> company has set up an spf record for my domain. My question is, is
> the setup correct? If not, what needs to be changed? I don't know
> if the hosting company's mail servers check spf nor whether
> alum.mit.edu or rcn.com are checking spf. I could ask one or all
> three, if necessary, but first I'd like to know if things are
> correct, and if not, what is wrong.
>
>SPF is used by receivers to check the legitimacy of senders
>
>so your either interested in the use of it as a receiver to check
>mail from others
>(your forwarding arrangements being relevant)
>
>or your interested in knowing about the spf setup of whatever
>address/servers you send from
>(in which case you need to include details of what address you send
>from, and what servers/ip's you send via, and remove all mention of
>anything confusing like forwarders or incomming messages from the question)
>
>if you are not enquiring about how it pertains to your reception of
>email from others, then simply remove all reference to your
>forwarding and reception arrangements.
>
>and include instead how you send mail, then we (the readers) might
>be able to quess that you are talking about SPF in the context of
>how you send mail
>
>
>in case you are talking about outgoing mail, as no details have been
>given the details available are only based on this mail you just
>sent so any analysis will be incomplete
>
>but looking at your headers
>
>(Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33]) by
> b-lb-mx-sd.listbox.com (Postfix) with ESMTP id 7EF75281B for
> <spf-help@listbox.com>; Thu, 28 Oct 2010 20:36:46 -0400 (EDT)
>Received: from David-PC.alum.mit.edu)
>
>tells me your mail comes from a server that helo/ehlo's as
>
>outgoing-alum.mit.edu which currently has no SPF record
>(it should have "v=spf1 ip4:18.7.68.33 -all" based on the assumption
>it has only one ip address)
>
>you send from davidmarcus@alum.mit.edu
>
>the domain has an spf record of
>"v=spf1 ip4:18.7.7.0/24 ip4:18.7.21.0/24 ip4:18.72.0.0/16
>ip4:18.92.0.171/32 ip4:18.7.68.0/24 ~all"
>
>this spf record does include the above mailserver (along with 66300 others???)
>so i do suspect your sending domains spf policy might be larger than
>entirely necessary, but this mail did pass the SPF policy for your domain
>
>one obvious improvement would be to remove the text '/32' form the
>above as its redundant
>
>
>
> >David
> >
> >>ok first off the question is flawed
> >>
> >>if you have address's setup to forward inbound mail to you, it is
> your duty as a receiver to either
> >>A NOT check any mail from your forwarder-provider for SPF
> >>B better to check only the pre-forwarder ip against the senders spf record
> >>
> >>as obviously it will be from whoever the original sender was (and
> their SPF will not list your forwarder as that would be INSANE)
> >>
> >>you as the owner/subscriber/user of the forwarder have this duty
> alone, if your server lacks the facility to whitelist ips from spf
> checks then either dont use it or the forwarder
> >>-------------------------
> >>additional, some forwarders (not yours in example given) do get
> around this requirement by using SRS
> >>SRS == sender rewriting system
> >>
> >>ie sender sends mail from sender@original to forwarder
> >>forwarder sends mail to you with altered from of
> sender+original@forwarders-domain
> >>thus mail arriving always passes SPF as its using an envelope of
> xxx@forwarders-domain
> >>
> >>this is at best a hack to get round badly setup receiving software,
> >>one that works well and should be offererd (optionally) by all forwarders,
> >>but if used makes SPF checking any mail from the forwarder
> entirely pointless as it will always pass and you never see the original sender
> >>
> >>thus forcing you to effectively take option A and making option B
> impossible
> >>----------------
> >>
> >>
> >>
> >>
> >>At 00:51 29/10/2010 Friday, David Marcus wrote:
> >>>My domain is example.com. I have
> support@example.com set to forward my messages to
> davidmarcus@alum.mit.edu (which in turn forwards to
> david.marcus.phd@rcn.com). DNS has
> >>>
> >>>example.com. 14400 IN TXT "v=spf1 +a +mx -all"
> >>>
> >>>I sent an email from davidmarcus@alum.mit.edu to
> support@example.com. See below. Are the headers correct for spf?
> >>>
> >>>David
> >>>
> >>>Return-Path: <davidmarcus@alum.mit.edu>
> >>>Received: from mr18.lnh.mail.rcn.net (EHLO
> mr18.lnh.mail.rcn.net) ([207.172.157.38])
> >>> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
> >>> with ESMTP id ATP22327;
> >>> Thu, 28 Oct 2010 17:23:42 -0400 (EDT)
> >>>Received: from mx09.lnh.mail.rcn.net (mx09.lnh.mail.rcn.net
> [207.172.157.59])
> >>> by mr18.lnh.mail.rcn.net (MOS 4.1.9-GA)
> >>> with ESMTP id BVQ54291;
> >>> Thu, 28 Oct 2010 17:23:42 -0400
> >>>Received: from alum-mailsec-relay-4.mit.edu ([18.7.68.24])
> >>> by mx09.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 17:23:41 -0400
> >>>Received: from alum-mailsec-scanner-1.mit.edu
> (ALUM-MAILSEC-SCANNER-1.MIT.EDU [18.7.68.12])
> >>> by alum-mailsec-relay-4.mit.edu (8.13.8/8.12.8) with
> ESMTP id o9SLLBlj024993
> >>> for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct 2010
> 17:23:40 -0400
> >>>X-AuditID: 1207440c-b7be1ae000007e9d-da-4cc9e9dc9c57
> >>>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
> >>> by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail
> Gateway) with SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010
> 17:23:40 -0400 (EDT)
> >>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> >>> by virgo.dns-shield.com (Postfix) with ESMTP id CDB3422C3E1
> >>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >>>X-No-Auth: unauthenticated sender
> >>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> >>> by virgo.dns-shield.com (Postfix) with ESMTP id B867222C3D8
> >>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >>>Received: by virgo.dns-shield.com (Postfix, from userid 110)
> >>> id AD89322C3F9; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
> >>>X-Original-To: support@example.com
> >>>Delivered-To: support@example.com
> >>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> >>> by virgo.dns-shield.com (Postfix) with ESMTP id 9785A22C3E1
> >>> for <support@example.com>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> >>> by virgo.dns-shield.com (Postfix) with ESMTP id 7EE8822C3D8
> >>> for <support@example.com>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >>>Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33])
> >>> by virgo.dns-shield.com (Postfix) with ESMTP
> >>> for <support@example.com>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >>>Received: from David-PC.alum.mit.edu
> (209-6-42-72.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com [209.6.42.72])
> >>> (authenticated bits=0)
> >>> (User authenticated as davidmarcus@ALUM.MIT.EDU)
> >>> outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id o9SLNcW0019029
> >>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256
> verify=NOT)
> >>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400
> >>>Message-Id: <201010282123.o9SLNcW0019029@outgoing-alum.mit.edu>
> >>>X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
> >>>Date: Thu, 28 Oct 2010 17:23:38 -0400
> >>>To: support@example.com
> >>>From: David Marcus <davidmarcus@alum.mit.edu>
> >>>Subject: Hi
> >>>Mime-Version: 1.0
> >>>Content-Type: text/plain; charset="us-ascii"; format=flowed
> >>>X-Virus-Scanned: OK
> >>>X-Virus-Scanned: OK
> >>>X-Brightmail-Tracker: AAAAAhZ9ApcWfcXe
> >>>
> >>>Hi.
> >>>
> >>>David
> >>>
> >>>
> >>>
> >>>-------------------------------------------
> >>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >>>Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
> >>>
> >>>Archives: https://www.listbox.com/member/archive/1020/=now
> >>>RSS Feed:
> https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
> >>>Modify Your Subscription: https://www.listbox.com/member/?&
> >>>Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&&post_id=20101028195130:48738E3A-E2EE-11DF-ABDC-D258EA0A6D4C
> >>>Powered by Listbox: http://www.listbox.com
> >>
> >>
> >>
> >>-------------------------------------------
> >>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >>Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
> >>
> >>Archives: https://www.listbox.com/member/archive/1020/=now
> >>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
> >>Modify Your Subscription: https://www.listbox.com/member/?&
> >>Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&&post_id=20101028201521:9CF9C30E-E2F1-11DF-9791-B07A631276BD
> >>Powered by Listbox: http://www.listbox.com
> >
> >
> >
> >-------------------------------------------
> >Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
> >
> >Archives: https://www.listbox.com/member/archive/1020/=now
> >RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
> >Modify Your Subscription: https://www.listbox.com/member/?&
> >Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&&post_id=20101028203650:9D2AD798-E2F4-11DF-B4F0-F7F511A2F01B
> >Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/
>[http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>Modify Your Subscription:
>https://www.listbox.com/member/?&
>Unsubscribe Now:
>https://www.listbox.com/unsubscribe/?&&post_id=20101028212854:E3ADA96E-E2FB-11DF-BA7B-0351631276BD
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101028215400:649FA84E-E2FF-11DF-A5D8-8735A31AEBAB
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
At 00:51 29/10/2010 Friday, David Marcus wrote:
>My domain is example.com.

irrelevant stuff removed

> DNS has
>
>example.com. 14400 IN TXT "v=spf1 +a +mx -all"

ok no usefull info so far


>I sent an email from davidmarcus@alum.mit.edu to support@example.com. See below. Are the headers correct for spf?

again i point out the below would only be useful for determining the receving SPF setup of example

can you send an example mail from a ratingcentral address (to anyone/anywhere-else ) so we could have some useful information about how ratingcentral addresses send mail?

or just tell us how you send mail/plan to send mail as something@example.com

if you do not use the ratingcentral address to send mail, ie it is used only to recieve then the spf record would simply be "v=spf1 -all" (ie no mail will ever be sent from this address)

either way the above spf could be trimmed (if correct)
both + symbols could be removed as they are redundant

the A means allow mail from 69.72.218.66
so write ip4:69.72.218.66 instead

the mx means allow mail from.. mail.example.com which means allow mail from ... 69.72.218.66
so write ip4:69.72.218.66 instead

so the whole thing is a longwinded (and expensive to check)
way of mis-writing "v=spf1 ip4:69.72.218.66 -all"

which would be valid if you send mail from this address to the internet via the machine 69.72.218.66

but as you provide no examples or details of how you actually send mail from support@ratingcentral.org.
we cannot possibly tell if this fixed version of your spf record is correct or reflective of your actual policy



>David
>
>Return-Path: <davidmarcus@alum.mit.edu>
>Received: from mr18.lnh.mail.rcn.net (EHLO mr18.lnh.mail.rcn.net) ([207.172.157.38])
> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
> with ESMTP id ATP22327;
> Thu, 28 Oct 2010 17:23:42 -0400 (EDT)
>Received: from mx09.lnh.mail.rcn.net (mx09.lnh.mail.rcn.net [207.172.157.59])
> by mr18.lnh.mail.rcn.net (MOS 4.1.9-GA)
> with ESMTP id BVQ54291;
> Thu, 28 Oct 2010 17:23:42 -0400
>Received: from alum-mailsec-relay-4.mit.edu ([18.7.68.24])
> by mx09.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 17:23:41 -0400
>Received: from alum-mailsec-scanner-1.mit.edu (ALUM-MAILSEC-SCANNER-1.MIT.EDU [18.7.68.12])
> by alum-mailsec-relay-4.mit.edu (8.13.8/8.12.8) with ESMTP id o9SLLBlj024993
> for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct 2010 17:23:40 -0400
>X-AuditID: 1207440c-b7be1ae000007e9d-da-4cc9e9dc9c57
>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
> by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400 (EDT)
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id CDB3422C3E1
> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>X-No-Auth: unauthenticated sender
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id B867222C3D8
> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>Received: by virgo.dns-shield.com (Postfix, from userid 110)
> id AD89322C3F9; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>X-Original-To: support@example.com
>Delivered-To: support@example.com
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 9785A22C3E1
> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 7EE8822C3D8
> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33])
> by virgo.dns-shield.com (Postfix) with ESMTP
> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>Received: from David-PC.alum.mit.edu (209-6-42-72.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com [209.6.42.72])
> (authenticated bits=0)
> (User authenticated as davidmarcus@ALUM.MIT.EDU)
> outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id o9SLNcW0019029
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400
>Message-Id: <201010282123.o9SLNcW0019029@outgoing-alum.mit.edu>
>X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
>Date: Thu, 28 Oct 2010 17:23:38 -0400
>To: support@example.com
>From: David Marcus <davidmarcus@alum.mit.edu>
>Subject: Hi
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"; format=flowed
>X-Virus-Scanned: OK
>X-Virus-Scanned: OK
>X-Brightmail-Tracker: AAAAAhZ9ApcWfcXe
>
>Hi.
>
>David
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028195130:48738E3A-E2EE-11DF-ABDC-D258EA0A6D4C
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101028220235:98738A68-E300-11DF-B519-79EC4A3287EA
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
At 02:53 29/10/2010 Friday, David Marcus wrote:
>I'll rephrase the question. I own example.com. The address "support@example.com" receives mail from lots of people. The mail server at example.com forwards the mail to an email address at alum.mit.edu, which then forwards it to an address at rcn.com.



>Is spf for example.com relevant for mail forwarded by example.com? I.e., might alum.mit.edu or rcn.com check the spf for example.com?

no, as originally stated receiver side SPF only checks the senders policy
(not any other 'unknowable to receiver' details)

alum.mit.edu will only check the SPF of the sender (and FAIL)
rcn.com will only check the SPF of the sender (and FAIL)


as originally stated the forwarder doesn't alter the senders address thus is not doing SRS thus all forwarded mail from senders who use SPF , WILL FAIL,
thus the requirement on receivers (you) and their agents (alum.mit.edu) who employ forwarders to whitelist those forwarders (69.72.218.66) from SPF checks
and at the second stage
receivers (you) and their agents (rcn.com) who employ forwarders to whitelist those forwarders (too many to mention according to spf) from SPF checks
OR
switch to using SRS on both your forwarder at 69.72.218.66
so all mail seen by alum.mit.edu appears to pass (as it now comes from a different sender)
and SRS at alum.mit.edu would mean that all mail seen by rcn.com would appears to pass (as it now comes from a different sender)




i can also tell you that (this one example) mail forwarded from ratingcentral comes from

virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])

which is the only possible machine that might be checked by HELO/EHLO SPF checks
(it has no spf, thus it passes, no spf == no restriction)

unfortunately it does fail the simple forged name test as the ptr of that ip is virgo.dns-shield.com
but the ip given by a lookup of virgo.dns-shield.com is 65.98.79.201
(this is a bigger issue than anything in SPF)

but if you do send from xx@ratingcentral by the same mailsystem then your (fixed) spf of
v=spf1 ip4:69.72.218.66 -all

would work (for SPF checks only, as it would fail other anti-forgery tests mentioned above)




>David
>
>P.S. While MIT's spf records are interesting, my only connection with MIT is that I got my Ph.D. there, so I'll let the MIT IT folks worry about their email system.
>
>>At 01:36 29/10/2010 Friday, David Marcus wrote:
>>>I'm sorry, but I don't understand your answer.
>>
>>Im sorry I tried to be clear
>>
>>> In particular, I don't know who "your... as a receiver" refers to.
>>
>>you as the ultimate recipient of the mail
>>(or if you dont control the final receiving mail server, ie if your final receiving address is hosted elsewhere or rented from a 3rd party, they 'on your behalf', usually written as you)
>>
>>same as if i said 'you need to buy X' i don't actually mean you have to you can also send your wife/secretary or any other agent acting on your behalf
>>
>>>I moved my domain to a hosting company. I created the email address "support@example.com" (using the Plesk control panel) and set it to forward the emails to me. I read somewhere about spf. I checked the DNS records and see that my hosting company has set up an spf record for my domain. My question is, is the setup correct? If not, what needs to be changed? I don't know if the hosting company's mail servers check spf nor whether alum.mit.edu or rcn.com are checking spf. I could ask one or all three, if necessary, but first I'd like to know if things are correct, and if not, what is wrong.
>>
>>SPF is used by receivers to check the legitimacy of senders
>>
>>so your either interested in the use of it as a receiver to check mail from others
>>(your forwarding arrangements being relevant)
>>
>>or your interested in knowing about the spf setup of whatever address/servers you send from
>>(in which case you need to include details of what address you send from, and what servers/ip's you send via, and remove all mention of anything confusing like forwarders or incomming messages from the question)
>>
>>if you are not enquiring about how it pertains to your reception of email from others, then simply remove all reference to your forwarding and reception arrangements.
>>
>>and include instead how you send mail, then we (the readers) might be able to quess that you are talking about SPF in the context of how you send mail
>>
>>
>>in case you are talking about outgoing mail, as no details have been given the details available are only based on this mail you just sent so any analysis will be incomplete
>>
>>but looking at your headers
>>
>>(Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33]) by
>> b-lb-mx-sd.listbox.com (Postfix) with ESMTP id 7EF75281B for
>> <spf-help@listbox.com>; Thu, 28 Oct 2010 20:36:46 -0400 (EDT)
>>Received: from David-PC.alum.mit.edu)
>>
>>tells me your mail comes from a server that helo/ehlo's as
>>
>>outgoing-alum.mit.edu which currently has no SPF record
>>(it should have "v=spf1 ip4:18.7.68.33 -all" based on the assumption it has only one ip address)
>>
>>you send from davidmarcus@alum.mit.edu
>>
>>the domain has an spf record of
>>"v=spf1 ip4:18.7.7.0/24 ip4:18.7.21.0/24 ip4:18.72.0.0/16 ip4:18.92.0.171/32 ip4:18.7.68.0/24 ~all"
>>
>>this spf record does include the above mailserver (along with 66300 others???)
>>so i do suspect your sending domains spf policy might be larger than entirely necessary, but this mail did pass the SPF policy for your domain
>>
>>one obvious improvement would be to remove the text '/32' form the above as its redundant
>>
>>
>>
>>>David
>>>
>>>>ok first off the question is flawed
>>>>
>>>>if you have address's setup to forward inbound mail to you, it is your duty as a receiver to either
>>>>A NOT check any mail from your forwarder-provider for SPF
>>>>B better to check only the pre-forwarder ip against the senders spf record
>>>>
>>>>as obviously it will be from whoever the original sender was (and their SPF will not list your forwarder as that would be INSANE)
>>>>
>>>>you as the owner/subscriber/user of the forwarder have this duty alone, if your server lacks the facility to whitelist ips from spf checks then either dont use it or the forwarder
>>>>-------------------------
>>>>additional, some forwarders (not yours in example given) do get around this requirement by using SRS
>>>>SRS == sender rewriting system
>>>>
>>>>ie sender sends mail from sender@original to forwarder
>>>>forwarder sends mail to you with altered from of sender+original@forwarders-domain
>>>>thus mail arriving always passes SPF as its using an envelope of xxx@forwarders-domain
>>>>
>>>>this is at best a hack to get round badly setup receiving software,
>>>>one that works well and should be offererd (optionally) by all forwarders,
>>>>but if used makes SPF checking any mail from the forwarder entirely pointless as it will always pass and you never see the original sender
>>>>
>>>>thus forcing you to effectively take option A and making option B impossible
>>>>----------------
>>>>
>>>>
>>>>
>>>>
>>>>At 00:51 29/10/2010 Friday, David Marcus wrote:
>>>>>My domain is example.com. I have support@example.com set to forward my messages to davidmarcus@alum.mit.edu (which in turn forwards to david.marcus.phd@rcn.com). DNS has
>>>>>
>>>>>example.com. 14400 IN TXT "v=spf1 +a +mx -all"
>>>>>
>>>>>I sent an email from davidmarcus@alum.mit.edu to support@example.com. See below. Are the headers correct for spf?
>>>>>
>>>>>David
>>>>>
>>>>>Return-Path: <davidmarcus@alum.mit.edu>
>>>>>Received: from mr18.lnh.mail.rcn.net (EHLO mr18.lnh.mail.rcn.net) ([207.172.157.38])
>>>>> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
>>>>> with ESMTP id ATP22327;
>>>>> Thu, 28 Oct 2010 17:23:42 -0400 (EDT)
>>>>>Received: from mx09.lnh.mail.rcn.net (mx09.lnh.mail.rcn.net [207.172.157.59])
>>>>> by mr18.lnh.mail.rcn.net (MOS 4.1.9-GA)
>>>>> with ESMTP id BVQ54291;
>>>>> Thu, 28 Oct 2010 17:23:42 -0400
>>>>>Received: from alum-mailsec-relay-4.mit.edu ([18.7.68.24])
>>>>> by mx09.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 17:23:41 -0400
>>>>>Received: from alum-mailsec-scanner-1.mit.edu (ALUM-MAILSEC-SCANNER-1.MIT.EDU [18.7.68.12])
>>>>> by alum-mailsec-relay-4.mit.edu (8.13.8/8.12.8) with ESMTP id o9SLLBlj024993
>>>>> for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct 2010 17:23:40 -0400
>>>>>X-AuditID: 1207440c-b7be1ae000007e9d-da-4cc9e9dc9c57
>>>>>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
>>>>> by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400 (EDT)
>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id CDB3422C3E1
>>>>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>X-No-Auth: unauthenticated sender
>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id B867222C3D8
>>>>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>Received: by virgo.dns-shield.com (Postfix, from userid 110)
>>>>> id AD89322C3F9; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>X-Original-To: support@example.com
>>>>>Delivered-To: support@example.com
>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id 9785A22C3E1
>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id 7EE8822C3D8
>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33])
>>>>> by virgo.dns-shield.com (Postfix) with ESMTP
>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>Received: from David-PC.alum.mit.edu (209-6-42-72.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com [209.6.42.72])
>>>>> (authenticated bits=0)
>>>>> (User authenticated as davidmarcus@ALUM.MIT.EDU)
>>>>> outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id o9SLNcW0019029
>>>>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400
>>>>>Message-Id: <201010282123.o9SLNcW0019029@outgoing-alum.mit.edu>
>>>>>X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
>>>>>Date: Thu, 28 Oct 2010 17:23:38 -0400
>>>>>To: support@example.com
>>>>>From: David Marcus <davidmarcus@alum.mit.edu>
>>>>>Subject: Hi
>>>>>Mime-Version: 1.0
>>>>>Content-Type: text/plain; charset="us-ascii"; format=flowed
>>>>>X-Virus-Scanned: OK
>>>>>X-Virus-Scanned: OK
>>>>>X-Brightmail-Tracker: AAAAAhZ9ApcWfcXe
>>>>>
>>>>>Hi.
>>>>>
>>>>>David
>>>>>
>>>>>
>>>>>
>>>>>-------------------------------------------
>>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>>
>>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028195130:48738E3A-E2EE-11DF-ABDC-D258EA0A6D4C
>>>>>Powered by Listbox: http://www.listbox.com
>>>>
>>>>
>>>>
>>>>-------------------------------------------
>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>
>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028201521:9CF9C30E-E2F1-11DF-9791-B07A631276BD
>>>>Powered by Listbox: http://www.listbox.com
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028203650:9D2AD798-E2F4-11DF-B4F0-F7F511A2F01B
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>>Modify Your Subscription: https://www.listbox.com/member/?&
>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028212854:E3ADA96E-E2FB-11DF-BA7B-0351631276BD
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028215400:649FA84E-E2FF-11DF-A5D8-8735A31AEBAB
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101028223139:A775F498-E304-11DF-9890-C66C631276BD
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
At 02:53 29/10/2010 Friday, David Marcus wrote:
>I'll rephrase the question. I own example.com. The address "support@example.com" receives mail from lots of people. The mail server at example.com forwards the mail to an email address at alum.mit.edu, which then forwards it to an address at rcn.com. Is spf for example.com relevant for mail forwarded by example.com? I.e., might alum.mit.edu or rcn.com check the spf for example.com?

the actual question your asking is

Is spf for example.com relevant for mail sent 'from lots of people'
the answer is no

the reciever (person checking spf) has only 4 pieces of information

the sender someone@example.com, the ip its coming from 69.72.218.66, the name that server 'claimed to be' virgo.dns-shield.com, the recipient address davidmarcus@alum.mit.edu

so no it couldn't possibly have any idea that the mail has anything to do with the domain ratingcentral.com, how could it?




>David
>
>P.S. While MIT's spf records are interesting, my only connection with MIT is that I got my Ph.D. there, so I'll let the MIT IT folks worry about their email system.
>
>>At 01:36 29/10/2010 Friday, David Marcus wrote:
>>>I'm sorry, but I don't understand your answer.
>>
>>Im sorry I tried to be clear
>>
>>> In particular, I don't know who "your... as a receiver" refers to.
>>
>>you as the ultimate recipient of the mail
>>(or if you dont control the final receiving mail server, ie if your final receiving address is hosted elsewhere or rented from a 3rd party, they 'on your behalf', usually written as you)
>>
>>same as if i said 'you need to buy X' i don't actually mean you have to you can also send your wife/secretary or any other agent acting on your behalf
>>
>>>I moved my domain to a hosting company. I created the email address "support@example.com" (using the Plesk control panel) and set it to forward the emails to me. I read somewhere about spf. I checked the DNS records and see that my hosting company has set up an spf record for my domain. My question is, is the setup correct? If not, what needs to be changed? I don't know if the hosting company's mail servers check spf nor whether alum.mit.edu or rcn.com are checking spf. I could ask one or all three, if necessary, but first I'd like to know if things are correct, and if not, what is wrong.
>>
>>SPF is used by receivers to check the legitimacy of senders
>>
>>so your either interested in the use of it as a receiver to check mail from others
>>(your forwarding arrangements being relevant)
>>
>>or your interested in knowing about the spf setup of whatever address/servers you send from
>>(in which case you need to include details of what address you send from, and what servers/ip's you send via, and remove all mention of anything confusing like forwarders or incomming messages from the question)
>>
>>if you are not enquiring about how it pertains to your reception of email from others, then simply remove all reference to your forwarding and reception arrangements.
>>
>>and include instead how you send mail, then we (the readers) might be able to quess that you are talking about SPF in the context of how you send mail
>>
>>
>>in case you are talking about outgoing mail, as no details have been given the details available are only based on this mail you just sent so any analysis will be incomplete
>>
>>but looking at your headers
>>
>>(Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33]) by
>> b-lb-mx-sd.listbox.com (Postfix) with ESMTP id 7EF75281B for
>> <spf-help@listbox.com>; Thu, 28 Oct 2010 20:36:46 -0400 (EDT)
>>Received: from David-PC.alum.mit.edu)
>>
>>tells me your mail comes from a server that helo/ehlo's as
>>
>>outgoing-alum.mit.edu which currently has no SPF record
>>(it should have "v=spf1 ip4:18.7.68.33 -all" based on the assumption it has only one ip address)
>>
>>you send from davidmarcus@alum.mit.edu
>>
>>the domain has an spf record of
>>"v=spf1 ip4:18.7.7.0/24 ip4:18.7.21.0/24 ip4:18.72.0.0/16 ip4:18.92.0.171/32 ip4:18.7.68.0/24 ~all"
>>
>>this spf record does include the above mailserver (along with 66300 others???)
>>so i do suspect your sending domains spf policy might be larger than entirely necessary, but this mail did pass the SPF policy for your domain
>>
>>one obvious improvement would be to remove the text '/32' form the above as its redundant
>>
>>
>>
>>>David
>>>
>>>>ok first off the question is flawed
>>>>
>>>>if you have address's setup to forward inbound mail to you, it is your duty as a receiver to either
>>>>A NOT check any mail from your forwarder-provider for SPF
>>>>B better to check only the pre-forwarder ip against the senders spf record
>>>>
>>>>as obviously it will be from whoever the original sender was (and their SPF will not list your forwarder as that would be INSANE)
>>>>
>>>>you as the owner/subscriber/user of the forwarder have this duty alone, if your server lacks the facility to whitelist ips from spf checks then either dont use it or the forwarder
>>>>-------------------------
>>>>additional, some forwarders (not yours in example given) do get around this requirement by using SRS
>>>>SRS == sender rewriting system
>>>>
>>>>ie sender sends mail from sender@original to forwarder
>>>>forwarder sends mail to you with altered from of sender+original@forwarders-domain
>>>>thus mail arriving always passes SPF as its using an envelope of xxx@forwarders-domain
>>>>
>>>>this is at best a hack to get round badly setup receiving software,
>>>>one that works well and should be offererd (optionally) by all forwarders,
>>>>but if used makes SPF checking any mail from the forwarder entirely pointless as it will always pass and you never see the original sender
>>>>
>>>>thus forcing you to effectively take option A and making option B impossible
>>>>----------------
>>>>
>>>>
>>>>
>>>>
>>>>At 00:51 29/10/2010 Friday, David Marcus wrote:
>>>>>My domain is example.com. I have support@example.com set to forward my messages to davidmarcus@alum.mit.edu (which in turn forwards to david.marcus.phd@rcn.com). DNS has
>>>>>
>>>>>example.com. 14400 IN TXT "v=spf1 +a +mx -all"
>>>>>
>>>>>I sent an email from davidmarcus@alum.mit.edu to support@example.com. See below. Are the headers correct for spf?
>>>>>
>>>>>David
>>>>>
>>>>>Return-Path: <davidmarcus@alum.mit.edu>
>>>>>Received: from mr18.lnh.mail.rcn.net (EHLO mr18.lnh.mail.rcn.net) ([207.172.157.38])
>>>>> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
>>>>> with ESMTP id ATP22327;
>>>>> Thu, 28 Oct 2010 17:23:42 -0400 (EDT)
>>>>>Received: from mx09.lnh.mail.rcn.net (mx09.lnh.mail.rcn.net [207.172.157.59])
>>>>> by mr18.lnh.mail.rcn.net (MOS 4.1.9-GA)
>>>>> with ESMTP id BVQ54291;
>>>>> Thu, 28 Oct 2010 17:23:42 -0400
>>>>>Received: from alum-mailsec-relay-4.mit.edu ([18.7.68.24])
>>>>> by mx09.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 17:23:41 -0400
>>>>>Received: from alum-mailsec-scanner-1.mit.edu (ALUM-MAILSEC-SCANNER-1.MIT.EDU [18.7.68.12])
>>>>> by alum-mailsec-relay-4.mit.edu (8.13.8/8.12.8) with ESMTP id o9SLLBlj024993
>>>>> for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct 2010 17:23:40 -0400
>>>>>X-AuditID: 1207440c-b7be1ae000007e9d-da-4cc9e9dc9c57
>>>>>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
>>>>> by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400 (EDT)
>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id CDB3422C3E1
>>>>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>X-No-Auth: unauthenticated sender
>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id B867222C3D8
>>>>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>Received: by virgo.dns-shield.com (Postfix, from userid 110)
>>>>> id AD89322C3F9; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>X-Original-To: support@example.com
>>>>>Delivered-To: support@example.com
>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id 9785A22C3E1
>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id 7EE8822C3D8
>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33])
>>>>> by virgo.dns-shield.com (Postfix) with ESMTP
>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>Received: from David-PC.alum.mit.edu (209-6-42-72.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com [209.6.42.72])
>>>>> (authenticated bits=0)
>>>>> (User authenticated as davidmarcus@ALUM.MIT.EDU)
>>>>> outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id o9SLNcW0019029
>>>>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400
>>>>>Message-Id: <201010282123.o9SLNcW0019029@outgoing-alum.mit.edu>
>>>>>X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
>>>>>Date: Thu, 28 Oct 2010 17:23:38 -0400
>>>>>To: support@example.com
>>>>>From: David Marcus <davidmarcus@alum.mit.edu>
>>>>>Subject: Hi
>>>>>Mime-Version: 1.0
>>>>>Content-Type: text/plain; charset="us-ascii"; format=flowed
>>>>>X-Virus-Scanned: OK
>>>>>X-Virus-Scanned: OK
>>>>>X-Brightmail-Tracker: AAAAAhZ9ApcWfcXe
>>>>>
>>>>>Hi.
>>>>>
>>>>>David
>>>>>
>>>>>
>>>>>
>>>>>-------------------------------------------
>>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>>
>>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028195130:48738E3A-E2EE-11DF-ABDC-D258EA0A6D4C
>>>>>Powered by Listbox: http://www.listbox.com
>>>>
>>>>
>>>>
>>>>-------------------------------------------
>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>
>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028201521:9CF9C30E-E2F1-11DF-9791-B07A631276BD
>>>>Powered by Listbox: http://www.listbox.com
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028203650:9D2AD798-E2F4-11DF-B4F0-F7F511A2F01B
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>>Modify Your Subscription: https://www.listbox.com/member/?&
>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028212854:E3ADA96E-E2FB-11DF-BA7B-0351631276BD
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028215400:649FA84E-E2FF-11DF-A5D8-8735A31AEBAB
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101028224138:0C9760EA-E306-11DF-8CAF-AA3199303823
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
OK. I missed the fact that the mail server is identifying itself as
virgo.dns-shield.com, not example.com. Thanks.

Here is a sample email that I send from example.com using a
PHP script. This is the only way I send email from the domain.

Return-Path: <apache@virgo.dns-shield.com>
Received: from mr21.lnh.mail.rcn.net (EHLO mr21.lnh.mail.rcn.net)
([207.172.157.191])
by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
with ESMTP id ATP93953;
Thu, 28 Oct 2010 22:51:24 -0400 (EDT)
Received: from mx02.lnh.mail.rcn.net (mx02.lnh.mail.rcn.net [207.172.157.52])
by mr21.lnh.mail.rcn.net (MOS 4.1.9-GA)
with ESMTP id BEX23076;
Thu, 28 Oct 2010 22:51:24 -0400
Received: from alum-mailsec-relay-12.mit.edu ([18.7.68.32])
by mx02.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 22:51:24 -0400
Received: from alum-mailsec-scanner-3.mit.edu
(ALUM-MAILSEC-SCANNER-3.MIT.EDU [18.7.68.14])
by alum-mailsec-relay-12.mit.edu (8.13.8/8.12.8) with ESMTP id
o9T2pN8F031186
for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct 2010 22:51:23 -0400
X-AuditID: 1207440e-b7cd2ae0000068eb-d9-4cca36ab8891
Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
by alum-mailsec-scanner-3.mit.edu (Symantec Brightmail Gateway)
with SMTP id BC.2D.26859.BA63ACC4; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
by virgo.dns-shield.com (Postfix) with ESMTP id 2CD3322C47C
for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
X-No-Auth: unauthenticated sender
Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
by virgo.dns-shield.com (Postfix) with ESMTP id 18B6A22C47B
for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
Received: by virgo.dns-shield.com (Postfix, from userid 48)
id 0DBFC22C47C; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
To: davidmarcus@alum.mit.edu
Subject: Test
X-PHP-Originating-Script: 10825:EmailStuff.php
From: "Ratings Central" <support@example.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Message-Id: <20101029025123.0DBFC22C47C@virgo.dns-shield.com>
Date: Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
X-Virus-Scanned: OK
X-Brightmail-Tracker: AAAAARZ9Apc=
X-Junkmail-Status: score=10/50, host=mr21.lnh.mail.rcn.net

Hello

David

>At 02:53 29/10/2010 Friday, David Marcus wrote:
> >I'll rephrase the question. I own example.com. The address
> "support@example.com" receives mail from lots of people. The
> mail server at example.com forwards the mail to an email
> address at alum.mit.edu, which then forwards it to an address at
> rcn.com. Is spf for example.com relevant for mail forwarded
> by example.com? I.e., might alum.mit.edu or rcn.com check
> the spf for example.com?
>
>the actual question your asking is
>
>Is spf for example.com relevant for mail sent 'from lots of people'
>the answer is no
>
>the reciever (person checking spf) has only 4 pieces of information
>
>the sender someone@example.com, the ip its coming from 69.72.218.66,
>the name that server 'claimed to be' virgo.dns-shield.com, the
>recipient address davidmarcus@alum.mit.edu
>
>so no it couldn't possibly have any idea that the mail has anything
>to do with the domain ratingcentral.com, how could it?
>
>
>
>
> >David
> >
> >P.S. While MIT's spf records are interesting, my only connection
> with MIT is that I got my Ph.D. there, so I'll let the MIT IT folks
> worry about their email system.
> >
> >>At 01:36 29/10/2010 Friday, David Marcus wrote:
> >>>I'm sorry, but I don't understand your answer.
> >>
> >>Im sorry I tried to be clear
> >>
> >>> In particular, I don't know who "your... as a receiver" refers to.
> >>
> >>you as the ultimate recipient of the mail
> >>(or if you dont control the final receiving mail server, ie if
> your final receiving address is hosted elsewhere or rented from a
> 3rd party, they 'on your behalf', usually written as you)
> >>
> >>same as if i said 'you need to buy X' i don't actually mean you
> have to you can also send your wife/secretary or any other agent
> acting on your behalf
> >>
> >>>I moved my domain to a hosting company. I created the email
> address "support@example.com" (using the Plesk control
> panel) and set it to forward the emails to me. I read somewhere
> about spf. I checked the DNS records and see that my hosting
> company has set up an spf record for my domain. My question is, is
> the setup correct? If not, what needs to be changed? I don't know
> if the hosting company's mail servers check spf nor whether
> alum.mit.edu or rcn.com are checking spf. I could ask one or all
> three, if necessary, but first I'd like to know if things are
> correct, and if not, what is wrong.
> >>
> >>SPF is used by receivers to check the legitimacy of senders
> >>
> >>so your either interested in the use of it as a receiver to check
> mail from others
> >>(your forwarding arrangements being relevant)
> >>
> >>or your interested in knowing about the spf setup of whatever
> address/servers you send from
> >>(in which case you need to include details of what address you
> send from, and what servers/ip's you send via, and remove all
> mention of anything confusing like forwarders or incomming messages
> from the question)
> >>
> >>if you are not enquiring about how it pertains to your reception
> of email from others, then simply remove all reference to your
> forwarding and reception arrangements.
> >>
> >>and include instead how you send mail, then we (the readers)
> might be able to quess that you are talking about SPF in the
> context of how you send mail
> >>
> >>
> >>in case you are talking about outgoing mail, as no details have
> been given the details available are only based on this mail you
> just sent so any analysis will be incomplete
> >>
> >>but looking at your headers
> >>
> >>(Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU
> [18.7.68.33]) by
> >> b-lb-mx-sd.listbox.com (Postfix) with ESMTP id 7EF75281B for
> >> <spf-help@listbox.com>; Thu, 28 Oct 2010 20:36:46 -0400 (EDT)
> >>Received: from David-PC.alum.mit.edu)
> >>
> >>tells me your mail comes from a server that helo/ehlo's as
> >>
> >>outgoing-alum.mit.edu which currently has no SPF record
> >>(it should have "v=spf1 ip4:18.7.68.33 -all" based on the
> assumption it has only one ip address)
> >>
> >>you send from davidmarcus@alum.mit.edu
> >>
> >>the domain has an spf record of
> >>"v=spf1 ip4:18.7.7.0/24 ip4:18.7.21.0/24 ip4:18.72.0.0/16
> ip4:18.92.0.171/32 ip4:18.7.68.0/24 ~all"
> >>
> >>this spf record does include the above mailserver (along with
> 66300 others???)
> >>so i do suspect your sending domains spf policy might be larger
> than entirely necessary, but this mail did pass the SPF policy for your domain
> >>
> >>one obvious improvement would be to remove the text '/32' form
> the above as its redundant
> >>
> >>
> >>
> >>>David
> >>>
> >>>>ok first off the question is flawed
> >>>>
> >>>>if you have address's setup to forward inbound mail to you, it
> is your duty as a receiver to either
> >>>>A NOT check any mail from your forwarder-provider for SPF
> >>>>B better to check only the pre-forwarder ip against the senders
> spf record
> >>>>
> >>>>as obviously it will be from whoever the original sender was
> (and their SPF will not list your forwarder as that would be INSANE)
> >>>>
> >>>>you as the owner/subscriber/user of the forwarder have this
> duty alone, if your server lacks the facility to whitelist ips from
> spf checks then either dont use it or the forwarder
> >>>>-------------------------
> >>>>additional, some forwarders (not yours in example given) do get
> around this requirement by using SRS
> >>>>SRS == sender rewriting system
> >>>>
> >>>>ie sender sends mail from sender@original to forwarder
> >>>>forwarder sends mail to you with altered from of
> sender+original@forwarders-domain
> >>>>thus mail arriving always passes SPF as its using an envelope
> of xxx@forwarders-domain
> >>>>
> >>>>this is at best a hack to get round badly setup receiving software,
> >>>>one that works well and should be offererd (optionally) by all
> forwarders,
> >>>>but if used makes SPF checking any mail from the forwarder
> entirely pointless as it will always pass and you never see the original sender
> >>>>
> >>>>thus forcing you to effectively take option A and making option
> B impossible
> >>>>----------------
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>At 00:51 29/10/2010 Friday, David Marcus wrote:
> >>>>>My domain is example.com. I have
> support@example.com set to forward my messages to
> davidmarcus@alum.mit.edu (which in turn forwards to
> david.marcus.phd@rcn.com). DNS has
> >>>>>
> >>>>>example.com. 14400 IN TXT "v=spf1 +a +mx -all"
> >>>>>
> >>>>>I sent an email from davidmarcus@alum.mit.edu to
> support@example.com. See below. Are the headers correct for spf?
> >>>>>
> >>>>>David
> >>>>>
> >>>>>Return-Path: <davidmarcus@alum.mit.edu>
> >>>>>Received: from mr18.lnh.mail.rcn.net (EHLO
> mr18.lnh.mail.rcn.net) ([207.172.157.38])
> >>>>> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
> >>>>> with ESMTP id ATP22327;
> >>>>> Thu, 28 Oct 2010 17:23:42 -0400 (EDT)
> >>>>>Received: from mx09.lnh.mail.rcn.net (mx09.lnh.mail.rcn.net
> [207.172.157.59])
> >>>>> by mr18.lnh.mail.rcn.net (MOS 4.1.9-GA)
> >>>>> with ESMTP id BVQ54291;
> >>>>> Thu, 28 Oct 2010 17:23:42 -0400
> >>>>>Received: from alum-mailsec-relay-4.mit.edu ([18.7.68.24])
> >>>>> by mx09.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 17:23:41 -0400
> >>>>>Received: from alum-mailsec-scanner-1.mit.edu
> (ALUM-MAILSEC-SCANNER-1.MIT.EDU [18.7.68.12])
> >>>>> by alum-mailsec-relay-4.mit.edu (8.13.8/8.12.8) with
> ESMTP id o9SLLBlj024993
> >>>>> for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct
> 2010 17:23:40 -0400
> >>>>>X-AuditID: 1207440c-b7be1ae000007e9d-da-4cc9e9dc9c57
> >>>>>Received: from virgo.dns-shield.com (virgo.dns-shield.com
> [69.72.218.66])
> >>>>> by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail
> Gateway) with SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010
> 17:23:40 -0400 (EDT)
> >>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> >>>>> by virgo.dns-shield.com (Postfix) with ESMTP id CDB3422C3E1
> >>>>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >>>>>X-No-Auth: unauthenticated sender
> >>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> >>>>> by virgo.dns-shield.com (Postfix) with ESMTP id B867222C3D8
> >>>>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >>>>>Received: by virgo.dns-shield.com (Postfix, from userid 110)
> >>>>> id AD89322C3F9; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
> >>>>>X-Original-To: support@example.com
> >>>>>Delivered-To: support@example.com
> >>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> >>>>> by virgo.dns-shield.com (Postfix) with ESMTP id 9785A22C3E1
> >>>>> for <support@example.com>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> >>>>> by virgo.dns-shield.com (Postfix) with ESMTP id 7EE8822C3D8
> >>>>> for <support@example.com>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >>>>>Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU
> [18.7.68.33])
> >>>>> by virgo.dns-shield.com (Postfix) with ESMTP
> >>>>> for <support@example.com>; Thu, 28 Oct 2010
> 17:23:39 -0400 (EDT)
> >>>>>Received: from David-PC.alum.mit.edu
> (209-6-42-72.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com [209.6.42.72])
> >>>>> (authenticated bits=0)
> >>>>> (User authenticated as davidmarcus@ALUM.MIT.EDU)
> >>>>> outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id
> o9SLNcW0019029
> >>>>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA
> bits=256 verify=NOT)
> >>>>> for <support@example.com>; Thu, 28 Oct 2010
> 17:23:39 -0400
> >>>>>Message-Id: <201010282123.o9SLNcW0019029@outgoing-alum.mit.edu>
> >>>>>X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
> >>>>>Date: Thu, 28 Oct 2010 17:23:38 -0400
> >>>>>To: support@example.com
> >>>>>From: David Marcus <davidmarcus@alum.mit.edu>
> >>>>>Subject: Hi
> >>>>>Mime-Version: 1.0
> >>>>>Content-Type: text/plain; charset="us-ascii"; format=flowed
> >>>>>X-Virus-Scanned: OK
> >>>>>X-Virus-Scanned: OK
> >>>>>X-Brightmail-Tracker: AAAAAhZ9ApcWfcXe
> >>>>>
> >>>>>Hi.
> >>>>>
> >>>>>David
> >>>>>
> >>>>>
> >>>>>
> >>>>>-------------------------------------------
> >>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >>>>>Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
> >>>>>
> >>>>>Archives: https://www.listbox.com/member/archive/1020/=now
> >>>>>RSS Feed:
> https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
> >>>>>Modify Your Subscription: https://www.listbox.com/member/?&
> >>>>>Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&&post_id=20101028195130:48738E3A-E2EE-11DF-ABDC-D258EA0A6D4C
> >>>>>Powered by Listbox: http://www.listbox.com
> >>>>
> >>>>
> >>>>
> >>>>-------------------------------------------
> >>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >>>>Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
> >>>>
> >>>>Archives: https://www.listbox.com/member/archive/1020/=now
> >>>>RSS Feed:
> https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
> >>>>Modify Your Subscription: https://www.listbox.com/member/?&
> >>>>Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&&post_id=20101028201521:9CF9C30E-E2F1-11DF-9791-B07A631276BD
> >>>>Powered by Listbox: http://www.listbox.com
> >>>
> >>>
> >>>
> >>>-------------------------------------------
> >>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >>>Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
> >>>
> >>>Archives: https://www.listbox.com/member/archive/1020/=now
> >>>RSS Feed:
> https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
> >>>Modify Your Subscription: https://www.listbox.com/member/?&
> >>>Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&&post_id=20101028203650:9D2AD798-E2F4-11DF-B4F0-F7F511A2F01B
> >>>Powered by Listbox: http://www.listbox.com
> >>
> >>
> >>
> >>-------------------------------------------
> >>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >>Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
> >>
> >>Archives: https://www.listbox.com/member/archive/1020/=now
> >>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
> >>Modify Your Subscription: https://www.listbox.com/member/?&
> >>Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&&post_id=20101028212854:E3ADA96E-E2FB-11DF-BA7B-0351631276BD
> >>Powered by Listbox: http://www.listbox.com
> >
> >
> >
> >-------------------------------------------
> >Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
> >
> >Archives: https://www.listbox.com/member/archive/1020/=now
> >RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
> >Modify Your Subscription: https://www.listbox.com/member/?&
> >Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&&post_id=20101028215400:649FA84E-E2FF-11DF-A5D8-8735A31AEBAB
> >Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/
>[http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>Modify Your Subscription:
>https://www.listbox.com/member/?&
>Unsubscribe Now:
>https://www.listbox.com/unsubscribe/?&&post_id=20101028224138:0C9760EA-E306-11DF-8CAF-AA3199303823
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101028225536:FFDBC4E8-E307-11DF-8910-9ED175D2CD1C
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
At 03:55 29/10/2010 Friday, David Marcus wrote:
>OK. I missed the fact that the mail server is identifying itself as virgo.dns-shield.com, not example.com. Thanks.

and till that name points to that ip it will be smelling of forgery


>Here is a sample email that I send from example.com using a PHP script. This is the only way I send email from the domain.

again not sent from ratingcentral

sent from <apache@virgo.dns-shield.com>

the php is miss written or the apache user dosn't have permission to set the from address in the message envelope

(the from address in the
From:
line is irrelevant and could be anything as far as mailservers and SPF is concerned its just text)

the mail function call in php is

mail($mail_to, $mail_subject, $mail_message, $mail_header, "-f $mail_email")

the -f something@somethingelse

defines the envelope-sender or from address

(at least this is how its done if you have sendmail exim or any mta i have seen, and the mta is configured to trust the apache user)

>Return-Path: <apache@virgo.dns-shield.com>
>Received: from mr21.lnh.mail.rcn.net (EHLO mr21.lnh.mail.rcn.net) ([207.172.157.191])
> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
> with ESMTP id ATP93953;
> Thu, 28 Oct 2010 22:51:24 -0400 (EDT)
>Received: from mx02.lnh.mail.rcn.net (mx02.lnh.mail.rcn.net [207.172.157.52])
> by mr21.lnh.mail.rcn.net (MOS 4.1.9-GA)
> with ESMTP id BEX23076;
> Thu, 28 Oct 2010 22:51:24 -0400
>Received: from alum-mailsec-relay-12.mit.edu ([18.7.68.32])
> by mx02.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 22:51:24 -0400
>Received: from alum-mailsec-scanner-3.mit.edu (ALUM-MAILSEC-SCANNER-3.MIT.EDU [18.7.68.14])
> by alum-mailsec-relay-12.mit.edu (8.13.8/8.12.8) with ESMTP id o9T2pN8F031186
> for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct 2010 22:51:23 -0400
>X-AuditID: 1207440e-b7cd2ae0000068eb-d9-4cca36ab8891
>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
> by alum-mailsec-scanner-3.mit.edu (Symantec Brightmail Gateway) with SMTP id BC.2D.26859.BA63ACC4; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 2CD3322C47C
> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
>X-No-Auth: unauthenticated sender
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 18B6A22C47B
> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
>Received: by virgo.dns-shield.com (Postfix, from userid 48)
> id 0DBFC22C47C; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
>To: davidmarcus@alum.mit.edu
>Subject: Test
>X-PHP-Originating-Script: 10825:EmailStuff.php
>From: "Ratings Central" <support@example.com>
>MIME-Version: 1.0
>Content-Type: text/plain; charset=ISO-8859-1
>Message-Id: <20101029025123.0DBFC22C47C@virgo.dns-shield.com>
>Date: Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
>X-Virus-Scanned: OK
>X-Brightmail-Tracker: AAAAARZ9Apc=
>X-Junkmail-Status: score=10/50, host=mr21.lnh.mail.rcn.net
>
>Hello
>
>David
>
>>At 02:53 29/10/2010 Friday, David Marcus wrote:
>>>I'll rephrase the question. I own example.com. The address "support@example.com" receives mail from lots of people. The mail server at example.com forwards the mail to an email address at alum.mit.edu, which then forwards it to an address at rcn.com. Is spf for example.com relevant for mail forwarded by example.com? I.e., might alum.mit.edu or rcn.com check the spf for example.com?
>>
>>the actual question your asking is
>>
>>Is spf for example.com relevant for mail sent 'from lots of people'
>>the answer is no
>>
>>the reciever (person checking spf) has only 4 pieces of information
>>
>>the sender someone@example.com, the ip its coming from 69.72.218.66, the name that server 'claimed to be' virgo.dns-shield.com, the recipient address davidmarcus@alum.mit.edu
>>
>>so no it couldn't possibly have any idea that the mail has anything to do with the domain ratingcentral.com, how could it?
>>
>>
>>
>>
>>>David
>>>
>>>P.S. While MIT's spf records are interesting, my only connection with MIT is that I got my Ph.D. there, so I'll let the MIT IT folks worry about their email system.
>>>
>>>>At 01:36 29/10/2010 Friday, David Marcus wrote:
>>>>>I'm sorry, but I don't understand your answer.
>>>>
>>>>Im sorry I tried to be clear
>>>>
>>>>> In particular, I don't know who "your... as a receiver" refers to.
>>>>
>>>>you as the ultimate recipient of the mail
>>>>(or if you dont control the final receiving mail server, ie if your final receiving address is hosted elsewhere or rented from a 3rd party, they 'on your behalf', usually written as you)
>>>>
>>>>same as if i said 'you need to buy X' i don't actually mean you have to you can also send your wife/secretary or any other agent acting on your behalf
>>>>
>>>>>I moved my domain to a hosting company. I created the email address "support@example.com" (using the Plesk control panel) and set it to forward the emails to me. I read somewhere about spf. I checked the DNS records and see that my hosting company has set up an spf record for my domain. My question is, is the setup correct? If not, what needs to be changed? I don't know if the hosting company's mail servers check spf nor whether alum.mit.edu or rcn.com are checking spf. I could ask one or all three, if necessary, but first I'd like to know if things are correct, and if not, what is wrong.
>>>>
>>>>SPF is used by receivers to check the legitimacy of senders
>>>>
>>>>so your either interested in the use of it as a receiver to check mail from others
>>>>(your forwarding arrangements being relevant)
>>>>
>>>>or your interested in knowing about the spf setup of whatever address/servers you send from
>>>>(in which case you need to include details of what address you send from, and what servers/ip's you send via, and remove all mention of anything confusing like forwarders or incomming messages from the question)
>>>>
>>>>if you are not enquiring about how it pertains to your reception of email from others, then simply remove all reference to your forwarding and reception arrangements.
>>>>
>>>>and include instead how you send mail, then we (the readers) might be able to quess that you are talking about SPF in the context of how you send mail
>>>>
>>>>
>>>>in case you are talking about outgoing mail, as no details have been given the details available are only based on this mail you just sent so any analysis will be incomplete
>>>>
>>>>but looking at your headers
>>>>
>>>>(Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33]) by
>>>> b-lb-mx-sd.listbox.com (Postfix) with ESMTP id 7EF75281B for
>>>> <spf-help@listbox.com>; Thu, 28 Oct 2010 20:36:46 -0400 (EDT)
>>>>Received: from David-PC.alum.mit.edu)
>>>>
>>>>tells me your mail comes from a server that helo/ehlo's as
>>>>
>>>>outgoing-alum.mit.edu which currently has no SPF record
>>>>(it should have "v=spf1 ip4:18.7.68.33 -all" based on the assumption it has only one ip address)
>>>>
>>>>you send from davidmarcus@alum.mit.edu
>>>>
>>>>the domain has an spf record of
>>>>"v=spf1 ip4:18.7.7.0/24 ip4:18.7.21.0/24 ip4:18.72.0.0/16 ip4:18.92.0.171/32 ip4:18.7.68.0/24 ~all"
>>>>
>>>>this spf record does include the above mailserver (along with 66300 others???)
>>>>so i do suspect your sending domains spf policy might be larger than entirely necessary, but this mail did pass the SPF policy for your domain
>>>>
>>>>one obvious improvement would be to remove the text '/32' form the above as its redundant
>>>>
>>>>
>>>>
>>>>>David
>>>>>
>>>>>>ok first off the question is flawed
>>>>>>
>>>>>>if you have address's setup to forward inbound mail to you, it is your duty as a receiver to either
>>>>>>A NOT check any mail from your forwarder-provider for SPF
>>>>>>B better to check only the pre-forwarder ip against the senders spf record
>>>>>>
>>>>>>as obviously it will be from whoever the original sender was (and their SPF will not list your forwarder as that would be INSANE)
>>>>>>
>>>>>>you as the owner/subscriber/user of the forwarder have this duty alone, if your server lacks the facility to whitelist ips from spf checks then either dont use it or the forwarder
>>>>>>-------------------------
>>>>>>additional, some forwarders (not yours in example given) do get around this requirement by using SRS
>>>>>>SRS == sender rewriting system
>>>>>>
>>>>>>ie sender sends mail from sender@original to forwarder
>>>>>>forwarder sends mail to you with altered from of sender+original@forwarders-domain
>>>>>>thus mail arriving always passes SPF as its using an envelope of xxx@forwarders-domain
>>>>>>
>>>>>>this is at best a hack to get round badly setup receiving software,
>>>>>>one that works well and should be offererd (optionally) by all forwarders,
>>>>>>but if used makes SPF checking any mail from the forwarder entirely pointless as it will always pass and you never see the original sender
>>>>>>
>>>>>>thus forcing you to effectively take option A and making option B impossible
>>>>>>----------------
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>At 00:51 29/10/2010 Friday, David Marcus wrote:
>>>>>>>My domain is example.com. I have support@example.com set to forward my messages to davidmarcus@alum.mit.edu (which in turn forwards to david.marcus.phd@rcn.com). DNS has
>>>>>>>
>>>>>>>example.com. 14400 IN TXT "v=spf1 +a +mx -all"
>>>>>>>
>>>>>>>I sent an email from davidmarcus@alum.mit.edu to support@example.com. See below. Are the headers correct for spf?
>>>>>>>
>>>>>>>David
>>>>>>>
>>>>>>>Return-Path: <davidmarcus@alum.mit.edu>
>>>>>>>Received: from mr18.lnh.mail.rcn.net (EHLO mr18.lnh.mail.rcn.net) ([207.172.157.38])
>>>>>>> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
>>>>>>> with ESMTP id ATP22327;
>>>>>>> Thu, 28 Oct 2010 17:23:42 -0400 (EDT)
>>>>>>>Received: from mx09.lnh.mail.rcn.net (mx09.lnh.mail.rcn.net [207.172.157.59])
>>>>>>> by mr18.lnh.mail.rcn.net (MOS 4.1.9-GA)
>>>>>>> with ESMTP id BVQ54291;
>>>>>>> Thu, 28 Oct 2010 17:23:42 -0400
>>>>>>>Received: from alum-mailsec-relay-4.mit.edu ([18.7.68.24])
>>>>>>> by mx09.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 17:23:41 -0400
>>>>>>>Received: from alum-mailsec-scanner-1.mit.edu (ALUM-MAILSEC-SCANNER-1.MIT.EDU [18.7.68.12])
>>>>>>> by alum-mailsec-relay-4.mit.edu (8.13.8/8.12.8) with ESMTP id o9SLLBlj024993
>>>>>>> for <davidmarcus@alum-mailsec.mit.edu>; Thu, 28 Oct 2010 17:23:40 -0400
>>>>>>>X-AuditID: 1207440c-b7be1ae000007e9d-da-4cc9e9dc9c57
>>>>>>>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
>>>>>>> by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400 (EDT)
>>>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id CDB3422C3E1
>>>>>>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>X-No-Auth: unauthenticated sender
>>>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id B867222C3D8
>>>>>>> for <davidmarcus@alum.mit.edu>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>Received: by virgo.dns-shield.com (Postfix, from userid 110)
>>>>>>> id AD89322C3F9; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>X-Original-To: support@example.com
>>>>>>>Delivered-To: support@example.com
>>>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id 9785A22C3E1
>>>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id 7EE8822C3D8
>>>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33])
>>>>>>> by virgo.dns-shield.com (Postfix) with ESMTP
>>>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>Received: from David-PC.alum.mit.edu (209-6-42-72.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com [209.6.42.72])
>>>>>>> (authenticated bits=0)
>>>>>>> (User authenticated as davidmarcus@ALUM.MIT.EDU)
>>>>>>> outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id o9SLNcW0019029
>>>>>>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
>>>>>>> for <support@example.com>; Thu, 28 Oct 2010 17:23:39 -0400
>>>>>>>Message-Id: <201010282123.o9SLNcW0019029@outgoing-alum.mit.edu>
>>>>>>>X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
>>>>>>>Date: Thu, 28 Oct 2010 17:23:38 -0400
>>>>>>>To: support@example.com
>>>>>>>From: David Marcus <davidmarcus@alum.mit.edu>
>>>>>>>Subject: Hi
>>>>>>>Mime-Version: 1.0
>>>>>>>Content-Type: text/plain; charset="us-ascii"; format=flowed
>>>>>>>X-Virus-Scanned: OK
>>>>>>>X-Virus-Scanned: OK
>>>>>>>X-Brightmail-Tracker: AAAAAhZ9ApcWfcXe
>>>>>>>
>>>>>>>Hi.
>>>>>>>
>>>>>>>David
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>-------------------------------------------
>>>>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>>>>
>>>>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028195130:48738E3A-E2EE-11DF-ABDC-D258EA0A6D4C
>>>>>>>Powered by Listbox: http://www.listbox.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>-------------------------------------------
>>>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>>>
>>>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>>>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028201521:9CF9C30E-E2F1-11DF-9791-B07A631276BD
>>>>>>Powered by Listbox: http://www.listbox.com
>>>>>
>>>>>
>>>>>
>>>>>-------------------------------------------
>>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>>
>>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028203650:9D2AD798-E2F4-11DF-B4F0-F7F511A2F01B
>>>>>Powered by Listbox: http://www.listbox.com
>>>>
>>>>
>>>>
>>>>-------------------------------------------
>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>
>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028212854:E3ADA96E-E2FB-11DF-BA7B-0351631276BD
>>>>Powered by Listbox: http://www.listbox.com
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028215400:649FA84E-E2FF-11DF-A5D8-8735A31AEBAB
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>>Modify Your Subscription: https://www.listbox.com/member/?&
>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028224138:0C9760EA-E306-11DF-8CAF-AA3199303823
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028225536:FFDBC4E8-E307-11DF-8910-9ED175D2CD1C
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101029001616:450305F8-E313-11DF-BAFE-F088ABE95EFE
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
>I'm sending this to test your spf/forwarding questions you asked on the
>spf-help mailing list (It's a better test that using your own domain
>since i'm a good example of a 3rd party emailing
>support@example.com).
>
>Please send the full headers from this message to spf-help so we can see
>if there are any problems.

Headers are below. I haven't yet asked the hosting company to fix the
ptr record for virgo.dns-shield.com.

David

>Return-Path: <jasper@pointless.net>
>Received: from mr21.lnh.mail.rcn.net (EHLO mr21.lnh.mail.rcn.net)
>([207.172.157.191])
> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
> with ESMTP id AUA40675;
> Mon, 01 Nov 2010 17:38:50 -0400 (EDT)
>Received: from mx10.lnh.mail.rcn.net (mx10.lnh.mail.rcn.net [207.172.157.60])
> by mr21.lnh.mail.rcn.net (MOS 4.1.9-GA)
> with ESMTP id BFL00364;
> Mon, 1 Nov 2010 17:38:49 -0400
>Received: from alum-mailsec-relay-12.mit.edu ([18.7.68.32])
> by mx10.lnh.mail.rcn.net with ESMTP; 01 Nov 2010 17:38:49 -0400
>Received: from alum-mailsec-scanner-7.mit.edu
>(ALUM-MAILSEC-SCANNER-7.MIT.EDU [18.7.68.19])
> by alum-mailsec-relay-12.mit.edu (8.13.8/8.12.8) with ESMTP id
> oA1LcjDH013794
> for <davidmarcus@alum-mailsec.mit.edu>; Mon, 1 Nov 2010 17:38:49 -0400
>X-AuditID: 12074413-b7c1dae0000003bd-f0-4ccf336b0cd2
>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
> by alum-mailsec-scanner-7.mit.edu (Symantec Brightmail Gateway)
> with SMTP id 03.DD.00957.B633FCC4; Mon, 1 Nov 2010 17:38:51 -0400 (EDT)
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 8D8B022C48A
> for <davidmarcus@alum.mit.edu>; Mon, 1 Nov 2010 17:38:48 -0400 (EDT)
>X-No-Auth: unauthenticated sender
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 794A522C3C8
> for <davidmarcus@alum.mit.edu>; Mon, 1 Nov 2010 17:38:48 -0400 (EDT)
>Received: by virgo.dns-shield.com (Postfix, from userid 110)
> id 6E05622C48B; Mon, 1 Nov 2010 17:38:48 -0400 (EDT)
>X-Original-To: support@example.com
>Delivered-To: support@example.com
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 5A90622C48A
> for <support@example.com>; Mon, 1 Nov 2010 17:38:48 -0400 (EDT)
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 2363C22C3C8
> for <support@example.com>; Mon, 1 Nov 2010 17:38:48 -0400 (EDT)
>Received: from thingy.pointless.net (thingy.pointless.net [91.209.244.43])
> by virgo.dns-shield.com (Postfix) with ESMTP
> for <support@example.com>; Mon, 1 Nov 2010 17:38:47 -0400 (EDT)
>DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
>d=pointless.net; s=main;
> h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date;
> bh=78d8zrBxDrfEK93CMKApTaOV726Zon3+YgRJixQXrfE=;
>
>b=omnAPW/VZLQF+oMehJVC6fHpKci09ERpPKns+Q9Nrs9DkKDlp6zT+27pvltMBuEOTfFF1HEEfgAwlOcNBG2RND8b8gy6G3oWCJZQW8crYNr49kGL9E56+xZfhz6tj0RIoC0qSh8n2wGbX6zhE4To1lMAD8otHIeUDweqxYnhXTE=;
>Received: from skeleton2.london.iofc.org ([62.49.196.35]:38764
>helo=pc44.london.iofc.org)
> by thingy.pointless.net with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
> (Exim 4.71)
> (envelope-from <jasper@pointless.net>)
> id 1PD25V-0002aj-Kg
> for support@example.com; Mon, 01 Nov 2010 21:38:45 +0000
>Date: Mon, 1 Nov 2010 21:38:45 +0000 (GMT)
>From: Jasper Wallace <jasper@pointless.net>
>X-X-Sender: jasper@limpit
>To: support@example.com
>Subject: spf-help spf test email
>Message-ID: <alpine.DEB.2.00.1011012136540.4558@yvzcvg>
>User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
>X-OpenPGP-Key-ID: 0x2ECA0975
>MIME-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>X-Virus-Scanned: OK
>X-Virus-Scanned: OK
>X-Brightmail-Tracker: AAAAARZ9Ayg=
>X-Junkmail-Status: score=10/50, host=mr21.lnh.mail.rcn.net
>
>
>Hi,
>
>I'm sending this to test your spf/forwarding questions you asked on the
>spf-help mailing list (It's a better test that using your own domain
>since i'm a good example of a 3rd party emailing
>support@example.com).
>
>Please send the full headers from this message to spf-help so we can see
>if there are any problems.
>
>--
>[http://pointless.net/] [0x2ECA0975]



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101101180146:9D77B1A0-E603-11DF-B27D-A6EF7686063E
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
On Thu, 28 Oct 2010, David Marcus wrote:

> I'm sorry, but I don't understand your answer. In particular, I don't know who
> "your... as a receiver" refers to.
>
> I moved my domain to a hosting company. I created the email address
> "support@example.com" (using the Plesk control panel) and set it to
> forward the emails to me. I read somewhere about spf. I checked the DNS
> records and see that my hosting company has set up an spf record for my
> domain. My question is, is the setup correct? If not, what needs to be
> changed? I don't know if the hosting company's mail servers check spf nor
> whether alum.mit.edu or rcn.com are checking spf. I could ask one or all
> three, if necessary, but first I'd like to know if things are correct, and if
> not, what is wrong.

Hi,

[oh boy, this really turned into an essay, oh well].

I think there's some confusion flying around, so hopefully 2nd opinion will
help clarify things, or maybe just make them more confused!.

Anyway, here goes with a concrete example, in this example the
example.com, alum.mit.edu and rcn.com all check SPF records and
example.com and alum.mit.edu forward email with the same smtp
envelope from as the origonal sender (that is they don't do SRS).

This is the worst case example (i.e. everything goes wrong).

fred@example.com wants help with example.com so he emails
support@example.com.

The example.com mail server receives fred's email and looks to see
if example.com has an spf record, it does so the example.com mail
server checks the ip that the fred@example.com email is coming from
against the example.com SPF record notes that it passes and so the
example.com mail server accepts fred's email.

Since the example.com mail server does NOT do SRS when it forwards
email the example.com mail server keeps the fred@example.com smtp
envelope from and uses it when it forwards the email to
davidmarcus@alum.mit.edu.

The alum.mit.edu notes the fred@example.com smtp envelope from in the
email it's receiving from the example.com mail server and checks to
see if the example.com domain has an SPF record. example.com has an SPF
record so the alum.mit.edu mail server checks the ip of the
example.com mail server against the example.com SPF record.

The example.com mail server is NOT listed in the example.com SPF
record so the alum.mit.edu mail server rejects the email.

----------------------------------------------------------

So, the above is the classic 'SPF forwarding problem' the underlying issue
is that traditional email forwarding preserves the SMTP envelope from, and
so you end up with a situation that from SPF's point of view is
indistiguisable from a spammer spamming.

Not that the example.com SPF record is not used at all in this
exchange, only the origonal senders spf record is relevent (in this case
example.com)

----------------------------------------------------------

To answer your questions a bit better:

As far as i can tell from the headers you posted there is no evidence that
alum.mit.edu or rcn.com are doing spf checks (that dosn't mean they arn't
e.g. they might be putting the spf results into some kind of anti spam
scoring system), as long as they don't carry out spf checks you're safe to
carry on forwarding. However you'd be living with a time bomb, if they do
start checking and bouncing failures you will lose some email.

(This isn't entirely bad since the sender will get an error saying
something like 'spf failure when trying to send to
davidmarcus@alum.mit.edu', the sender may be clueful enough to realise
that they can send the email straight to davidmarcus@alum.mit.edu and
it will get through, of course you may not want to revel the email
address behind support@example.com!).

At this point you have several choices:

1) Do nothing

Things will work as they do now, this is the eaisest and quickest option,
but you may need to fix things in a hurry when alum.mit.edu or rcn.com start
checking spf records

2) implement SRS on example.com

The Sender Re-writing Scheme would re-write the fred@example.com smtp
envelope from to SRS0=43JZCV=SC=example.com=fred@example.com,
(the random characters are an encrypted time stamp to prevent replay
attacks and stop your server becoming an open relay), now from SPF's point
of view the email is coming from the example.com domain and so
would pass the email since the ratingscenteal.com mail server is allowed
by the example.com SPF record.

However in your case you have an unusual double forwarding setup, so
alum.mit.edu would also have to do SRS, (if it didn't rcn.com would
reject the email since the alum.mit.edu mailservers aren't allowed by the
example.com SPF record). You could fix this by adding the ip's of
the alum.mit.edu mailserver to the ratingscenteral.com spf record but
that would be a bit of a hack.

If your Plesk control panel has a handy 'Use SRS' check box then tick it.
If it dosn't then adding SRS support will probably be fairly complex
(You'll probably have to recompile your mailserver, and unfortunatly I'm
not aware of any working SRS implementation for postfix, i don't use
postfix myself tho and don't keep up to date with it's development).

3) Don't forward email from example.com.

Instead use a mailbox and then use POP or IMAP to get the mail to support@
into your email client. This should be fairly easy to setup, however
depending on how you use email this might not be an acceptable solution, up
to you!

(you could also use a webmail setup on example.com, but you
probably want to stick with eudora).

4a) simplify things a bit by forwarding directly to rcn.com.

I'm assuming you have an rcn.com email address and you've somehow told
rcn.com that davidmarcus@alum.mit.edu is yours and that email to that
address should go into your rcn.com mailbox. Cutting out alum.mit.edu
means you don't have to worry about alum.mit.edu starting to check spf
records, which cuts out half your problems. However depending on your
email needs that may not be an acceptable solution. (I'm assuming that
rcn.com is your ISP).

4b) simplify things by getting a mailbox at alum.mit.edu rather and
forwarding mail from there to rcn.com.

I'm assumiing this is possible. I guess that it probably isn't and
alum.mit.edu only forward, worth mentioning tho.

5a) Talk to alum.mit.edu and tell them that the example.com
mailserver is a forwarder and will be (from SPF's point of view) failing
SPF tests. Ask them to whitelist the example.com mailserver in
there mailserver setup.

MIT are almost certainly clueful enough to understand the problem, but
it's unlikely that they will have enough flexability to do this for
everyone that wants it.

5b) Also talk to rcn.com and ask them to whitelist alum.mit.edu.

Knowing large consumer oriented ISP's getting them to do this might be
like pulling teeth (that is, difficult and painful). However the
alum.mit.edu domain has a certain amount of presteige associated with it
so they might do it. In fact you're probably not alone in having this
problem, so it might be whitelisted already as a known forwarder.

------------------------------------------------------------

I hope that helps to some degree. To be perfectly honest i think you can
probably get away with doing nothing. I think i remember someone
associated with MIT being in the anti-spf camp, and i don't think
rcn.com are likely to start checking and rejecting spf fails anytime soon.

That is just a hunch tho, but it's a cheap solution!

--
[http://pointless.net/] [0x2ECA0975]



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101101182539:F3768934-E606-11DF-969E-FA152AF5AEBD
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
On Mon, 1 Nov 2010, David Marcus wrote:

>
> > I'm sending this to test your spf/forwarding questions you asked on the
> > spf-help mailing list (It's a better test that using your own domain
> > since i'm a good example of a 3rd party emailing
> > support@example.com).
> >
> > Please send the full headers from this message to spf-help so we can see
> > if there are any problems.
>
> Headers are below. I haven't yet asked the hosting company to fix the ptr
> record for virgo.dns-shield.com.

Ok, i wanted to check 2 things:

1) Is there any evidence that rcn.net or alum.mit.edu are doing spf
checking?

2) Is either rcn.net or alum.mit.edu doing SRS or any other sender
rw-writeing?

----------------------------------------------------------

For the 1st question the only anti spam stuff is:

> > X-Junkmail-Status: score=10/50, host=mr21.lnh.mail.rcn.net

So rcn.net is doing some anti spam checking, and i've scored 10 out of 50.

Unfortunatly We've no idea what i've done to score 10.

I've just now added the alum.mit.edu ip's (from the alum.mit.edu spf
record) to my (pointless.net) spf record. That means that the alum.mit.edu
mailservers are 'allowed' to send email from pointless.net. So if the
10/50 score is spf related it should go down when i send another email to
support@example.com.

I'll do that tommorow (to give the dns changes a chance to spread).

------------------------------------------------------------------------

For the 2nd question we have:

Return-Path: <jasper@pointless.net>

So it looks like there is NO rewriting going on.

------------------------------------------------------------------------

(I suspect the:

> > X-No-Auth: unauthenticated sender

header is related to SMTP AUTH, and so is not relevent to the
SPF/SRS/forwarding issues.

).


--
[http://pointless.net/] [0x2ECA0975]


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101101184933:4A820606-E60A-11DF-B4FC-A417ADE0333D
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
Why don't you forward your example.com email directly to your
rcn.net email and eliminate one step of forwarding?

Andrew

On 01/11/2010 6:49 PM, Jasper Wallace wrote:
> On Mon, 1 Nov 2010, David Marcus wrote:
>
>>
>>> I'm sending this to test your spf/forwarding questions you asked on the
>>> spf-help mailing list (It's a better test that using your own domain
>>> since i'm a good example of a 3rd party emailing
>>> support@example.com).
>>>
>>> Please send the full headers from this message to spf-help so we can see
>>> if there are any problems.
>>
>> Headers are below. I haven't yet asked the hosting company to fix the ptr
>> record for virgo.dns-shield.com.
>
> Ok, i wanted to check 2 things:
>
> 1) Is there any evidence that rcn.net or alum.mit.edu are doing spf
> checking?
>
> 2) Is either rcn.net or alum.mit.edu doing SRS or any other sender
> rw-writeing?
>
> ----------------------------------------------------------
>
> For the 1st question the only anti spam stuff is:
>
>>> X-Junkmail-Status: score=10/50, host=mr21.lnh.mail.rcn.net
>
> So rcn.net is doing some anti spam checking, and i've scored 10 out of 50.
>
> Unfortunatly We've no idea what i've done to score 10.
>
> I've just now added the alum.mit.edu ip's (from the alum.mit.edu spf
> record) to my (pointless.net) spf record. That means that the alum.mit.edu
> mailservers are 'allowed' to send email from pointless.net. So if the
> 10/50 score is spf related it should go down when i send another email to
> support@example.com.
>
> I'll do that tommorow (to give the dns changes a chance to spread).
>
> ------------------------------------------------------------------------
>
> For the 2nd question we have:
>
> Return-Path:<jasper@pointless.net>
>
> So it looks like there is NO rewriting going on.
>
> ------------------------------------------------------------------------
>
> (I suspect the:
>
>>> X-No-Auth: unauthenticated sender
>
> header is related to SMTP AUTH, and so is not relevent to the
> SPF/SRS/forwarding issues.
>
> ).
>
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101101185246:BD8F7886-E60A-11DF-B9D9-B497F839B480
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
I could. The alum.mit.edu address is an "email for life" forwarding
address and has a good spam filter (the spam is quarantined and
deleted after seven days). I have the rcn.com spam filter turned off.
So, I generally use the alum.mit.edu address for everything. However,
I get very little spam to support@example.com, so I could
forward directly to rcn.com.

David

>Why don't you forward your example.com email directly to your
>rcn.net email and eliminate one step of forwarding?
>
>Andrew
>
>On 01/11/2010 6:49 PM, Jasper Wallace wrote:
>>On Mon, 1 Nov 2010, David Marcus wrote:
>>
>>>
>>>>I'm sending this to test your spf/forwarding questions you asked on the
>>>>spf-help mailing list (It's a better test that using your own domain
>>>>since i'm a good example of a 3rd party emailing
>>>>support@example.com).
>>>>
>>>>Please send the full headers from this message to spf-help so we can see
>>>>if there are any problems.
>>>
>>>Headers are below. I haven't yet asked the hosting company to fix the ptr
>>>record for virgo.dns-shield.com.
>>
>>Ok, i wanted to check 2 things:
>>
>>1) Is there any evidence that rcn.net or alum.mit.edu are doing spf
>>checking?
>>
>>2) Is either rcn.net or alum.mit.edu doing SRS or any other sender
>>rw-writeing?
>>
>>----------------------------------------------------------
>>
>>For the 1st question the only anti spam stuff is:
>>
>>>>X-Junkmail-Status: score=10/50, host=mr21.lnh.mail.rcn.net
>>
>>So rcn.net is doing some anti spam checking, and i've scored 10 out of 50.
>>
>>Unfortunatly We've no idea what i've done to score 10.
>>
>>I've just now added the alum.mit.edu ip's (from the alum.mit.edu spf
>>record) to my (pointless.net) spf record. That means that the alum.mit.edu
>>mailservers are 'allowed' to send email from pointless.net. So if the
>>10/50 score is spf related it should go down when i send another email to
>>support@example.com.
>>
>>I'll do that tommorow (to give the dns changes a chance to spread).
>>
>>------------------------------------------------------------------------
>>
>>For the 2nd question we have:
>>
>>Return-Path:<jasper@pointless.net>
>>
>>So it looks like there is NO rewriting going on.
>>
>>------------------------------------------------------------------------
>>
>>(I suspect the:
>>
>>>>X-No-Auth: unauthenticated sender
>>
>>header is related to SMTP AUTH, and so is not relevent to the
>>SPF/SRS/forwarding issues.
>>
>>).
>>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/
>[http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>Modify Your Subscription:
>https://www.listbox.com/member/?&
>Unsubscribe Now:
>https://www.listbox.com/unsubscribe/?&&post_id=20101101185246:BD8F7886-E60A-11DF-B9D9-B497F839B480
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101101214940:742851FE-E623-11DF-94FB-B83DAA803B58
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
>My spf record should or changed to the new one that includes the mit ip's,
>lets see if this makes a difference.

Here it is:

>Return-Path: <jasper@pointless.net>
>Received: from mr21.lnh.mail.rcn.net (EHLO mr21.lnh.mail.rcn.net)
>([207.172.157.191])
> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
> with ESMTP id AUE80067;
> Tue, 02 Nov 2010 20:04:17 -0400 (EDT)
>Received: from mx11.lnh.mail.rcn.net (mx11.lnh.mail.rcn.net [207.172.157.61])
> by mr21.lnh.mail.rcn.net (MOS 4.1.9-GA)
> with ESMTP id BFQ62282;
> Tue, 2 Nov 2010 20:04:16 -0400
>Received: from alum-mailsec-relay-9.mit.edu ([18.7.68.29])
> by mx11.lnh.mail.rcn.net with ESMTP; 02 Nov 2010 20:04:16 -0400
>Received: from alum-mailsec-scanner-7.mit.edu
>(ALUM-MAILSEC-SCANNER-7.MIT.EDU [18.7.68.19])
> by alum-mailsec-relay-9.mit.edu (8.13.8/8.12.8) with ESMTP id
> oA303pju006216
> for <davidmarcus@alum-mailsec.mit.edu>; Tue, 2 Nov 2010 20:04:15 -0400
>X-AuditID: 12074413-b7c1dae0000003bd-54-4cd0a701402d
>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
> by alum-mailsec-scanner-7.mit.edu (Symantec Brightmail Gateway)
> with SMTP id CC.C6.00957.107A0DC4; Tue, 2 Nov 2010 20:04:17 -0400 (EDT)
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id D24A622C435
> for <davidmarcus@alum.mit.edu>; Tue, 2 Nov 2010 20:04:09 -0400 (EDT)
>X-No-Auth: unauthenticated sender
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id BDFFF22C419
> for <davidmarcus@alum.mit.edu>; Tue, 2 Nov 2010 20:04:09 -0400 (EDT)
>Received: by virgo.dns-shield.com (Postfix, from userid 110)
> id B245422C476; Tue, 2 Nov 2010 20:04:09 -0400 (EDT)
>X-Original-To: support@example.com
>Delivered-To: support@example.com
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 9E83F22C435
> for <support@example.com>; Tue, 2 Nov 2010 20:04:09 -0400 (EDT)
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 70B1022C419
> for <support@example.com>; Tue, 2 Nov 2010 20:04:09 -0400 (EDT)
>Received: from thingy.pointless.net (thingy.pointless.net [91.209.244.43])
> by virgo.dns-shield.com (Postfix) with ESMTP
> for <support@example.com>; Tue, 2 Nov 2010 20:04:09 -0400 (EDT)
>DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
>d=pointless.net; s=main;
> h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date;
> bh=sg305zzk/BIQ4nCHDMaHyg+i6aepOb9wzIDhmAcij5E=;
>
>b=vag99fT+wPTLEyWnrGUlJ0pAl37X62Vtn7nQjKHQxY/TkPbgP6ONraiV3TWIx3Nd5CTYjO6a0Ru7BpwHIsdk2DRlAuS/ADodAbQszWoNU+AIGV6tn+ksIz4wUPk0kxlhQ1wmjmYJ8RSxgkz4IHXbObbWwWrtd5dmactbfMU7e2E=;
>Received: from [93.89.81.29] (port=12861 helo=limpit.local)
> by thingy.pointless.net with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
> (Exim 4.71)
> (envelope-from <jasper@pointless.net>)
> id 1PDQpj-0004L5-3v
> for support@example.com; Wed, 03 Nov 2010 00:04:07 +0000
>Date: Wed, 3 Nov 2010 00:04:06 +0000 (GMT)
>From: Jasper Wallace <jasper@pointless.net>
>X-X-Sender: jasper@limpit
>To: support@example.com
>Subject: spf-help: testing again
>Message-ID: <alpine.DEB.2.00.1011030001190.3102@yvzcvg>
>User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
>X-OpenPGP-Key-ID: 0x2ECA0975
>MIME-Version: 1.0
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>X-Virus-Scanned: OK
>X-Virus-Scanned: OK
>X-Brightmail-Tracker: AAAAARaQFYw=
>X-Junkmail-Status: score=10/50, host=mr21.lnh.mail.rcn.net
>
>
>My spf record should or changed to the new one that includes the mit ip's,
>lets see if this makes a difference.
>
>--
>[http://pointless.net/] [0x2ECA0975]



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101102200715:4FA832A2-E6DE-11DF-8479-C76DF13F22D8
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
On Tue, 2 Nov 2010, David Marcus wrote:

>
> > My spf record should or changed to the new one that includes the mit ip's,
> > lets see if this makes a difference.
>
> Here it is:
>
> > X-Junkmail-Status: score=10/50, host=mr21.lnh.mail.rcn.net

ok, no change, looks like rcn.net isn't doing any spf checking

--
[http://pointless.net/] [0x2ECA0975]


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101102210647:A0B5A564-E6E6-11DF-B3A6-C53B9B32CAAE
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
alan <spfdiscuss@alandoherty.net> wrote:

> > Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
> > by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with
> > SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400 (EDT)

> unfortunately it does fail the simple forged name test as the ptr of
> that ip is virgo.dns-shield.com but the ip given by a lookup of
> virgo.dns-shield.com is 65.98.79.201 (this is a bigger issue than
> anything in SPF)

On

http://www.openspf.org/FAQ/Blocking_spam

it says:

3. The connecting client IP address must have a PTR record.

4. The HELO hostname must be a well formed FQDN that has an A
record, and it must not be your own hostname.

These are both true. And, the hostname in the PTR record matches the
HELO hostname. It doesn't say that the HELO hostname must resolve to
the same IP address as the client.

Before I discuss this with my hosting company, I'd like to know where
the requirement is stated that the HELO hostname resolve to the client
IP address. Where is this stated?



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101109140717:923462AC-EC34-11DF-8BC2-7884F559ED1D
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
On 11/9/2010 2:07 PM, David Marcus wrote:
> alan <spfdiscuss@alandoherty.net> wrote:
>
> > > Received: from virgo.dns-shield.com (virgo.dns-shield.com
> [69.72.218.66])
> > > by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway)
> with
> > > SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400
> (EDT)
>
> > unfortunately it does fail the simple forged name test as the ptr of
> > that ip is virgo.dns-shield.com but the ip given by a lookup of
> > virgo.dns-shield.com is 65.98.79.201 (this is a bigger issue than
> > anything in SPF)
>
> On
>
> http://www.openspf.org/FAQ/Blocking_spam
>
> it says:
>
> 3. The connecting client IP address must have a PTR record.
>
> 4. The HELO hostname must be a well formed FQDN that has an A
> record, and it must not be your own hostname.
>
> These are both true. And, the hostname in the PTR record matches the
> HELO hostname. It doesn't say that the HELO hostname must resolve to
> the same IP address as the client.
>
> Before I discuss this with my hosting company, I'd like to know where
> the requirement is stated that the HELO hostname resolve to the client
> IP address. Where is this stated?
>
I see in RFC 2821, in section 4.1.4, there is this paragraph:

An SMTP server MAY verify that the domain name parameter in the EHLO
command actually corresponds to the IP address of the client.
However, the server MUST NOT refuse to accept a message for this
reason if the verification fails: the information about verification
failure is for logging and tracing only.


So, this sounds like a recommendation, not a requirement. It can,
however, be used as one criteria in someone's anti-spam setup.

It is true that the connecting client must have a PTR record, and to be
a valid PTR record, the forward of the FQDN returned must, in turn,
resolve back to that same IP address. But that has nothing to do with
the HELO/EHLO hostname given.

Michael Breton


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101109143100:E250106C-EC37-11DF-9EAA-0486F559ED1D
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 09.11.2010 20:07, David Marcus a écrit :
> alan <spfdiscuss@alandoherty.net> wrote:
>
>> > Received: from virgo.dns-shield.com (virgo.dns-shield.com
> [69.72.218.66])
>> > by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with
>> > SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400 (EDT)
>
>> unfortunately it does fail the simple forged name test as the ptr of
>> that ip is virgo.dns-shield.com but the ip given by a lookup of
>> virgo.dns-shield.com is 65.98.79.201 (this is a bigger issue than
>> anything in SPF)
>
> On
>
> http://www.openspf.org/FAQ/Blocking_spam
>
> it says:
>
> 3. The connecting client IP address must have a PTR record.
>
> 4. The HELO hostname must be a well formed FQDN that has an A
> record, and it must not be your own hostname.
>
> These are both true. And, the hostname in the PTR record matches the
> HELO hostname. It doesn't say that the HELO hostname must resolve to
> the same IP address as the client.
>
> Before I discuss this with my hosting company, I'd like to know where
> the requirement is stated that the HELO hostname resolve to the client
> IP address. Where is this stated?
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/
> [http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/16403207-33ceff3a
> Modify Your Subscription:
> https://www.listbox.com/member/?&
>
> Unsubscribe Now:
> https://www.listbox.com/unsubscribe/?&&post_id=20101109140717:923462AC-EC34-11DF-8BC2-7884F559ED1D
>
> Powered by Listbox: http://www.listbox.com


the normal spammeur use a valid adresse usurped himself
your boyfrind is a performer perhaps

- --
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/

iD4DBQFM2aGBtXI/OwkhZKcRArHDAJ98a/kzEaXsqLXGhIiPZ66zVGdHCACYqUk5
xf4IGsrJaPitWuWG0LAL0Q==
=u3bw
-----END PGP SIGNATURE-----


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101109143148:FEE64EBC-EC37-11DF-B33E-ECE38C727DE8
Powered by Listbox: http://www.listbox.com
Re: Is my hosting company forwarding email properly? [ In reply to ]
At 19:07 09/11/2010 Tuesday, David Marcus wrote:
>alan <spfdiscuss@alandoherty.net> wrote:
>
>> > Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
>> > by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with
>> > SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400 (EDT)
>
>> unfortunately it does fail the simple forged name test as the ptr of
>> that ip is virgo.dns-shield.com but the ip given by a lookup of
>> virgo.dns-shield.com is 65.98.79.201 (this is a bigger issue than
>> anything in SPF)
>
>On
>
> http://www.openspf.org/FAQ/Blocking_spam
>
>it says:
>
> 3. The connecting client IP address must have a PTR record.
>
> 4. The HELO hostname must be a well formed FQDN that has an A
> record, and it must not be your own hostname.
>
>These are both true.

yes

> And, the hostname in the PTR record matches the HELO hostname.

it is not an error to do so, but it is stupid
(it makes your mailserver indistinguishable from a member of a botnet capable of looking at its own ptr record behind the same simple broadband link as a mailserver)
Ie it gives you neutral reputation score (not bad not good)
if it is a separate name within the same domain it does however give you a positive reputation as it shows it could only have been assigned by an intelligent administrator
(assuming it passes simple forgery tests ie it resolves back to the ip it was sent from)

> It doesn't say that the HELO hostname must resolve to
>the same IP address as the client.

if the helo did not resolve to the ip, dns would be stating it was a forgery, plain and simple

same as if the ptr>hostname>ip did not match

>Before I discuss this with my hosting company, I'd like to know where
>the requirement is stated that the HELO hostname resolve to the client
>IP address. Where is this stated?

this is not stated in the RFC (the helo must only resolve according to the RFC's) but recievers long ago raised the bar because a competent admin can easily reach this very low bar, but ratware can not so easily.


.............
simple scenario this mail comes from
195.2.202.63
ptr = hosting.orionnetworks.ie
hosting.orionnetworks.ie = 195.2.202.63

thus when it connects to others it passes the first possible test {does it have fcrdns name, forward confirmed reverse dns) ie is it traceable to an organization and non-forged
(failing this will usually guarantee later mail will be rejected regardless of who its to or from and what helo is used)

next it greets with
ehlo/helo of bigsvr.orionnetworks.ie

domains match so same organisation (if domains don't match helo and domain cannot be trusted as if i rooted another persons server to spam i could easily point a helo.mydomain.com at their servers ip, i could not though easily make their ptr match mydomain.com)

so next test is helo made-up/forged
bigsvr.orionnetworks.ie = 195.2.202.63 ,195.2.202.40 (this server is dual homed, but proves non-forged)
(this is first positive score, previous ones were required minimums)

so next test is it allowed/dissalowed/neither in a helo by spf
(tests spf of postmaster@helo-id)
lookup spf of bigsvr.orionnetworks.ie == v=spf1 redirect=%{l}._helo-spf1.mtxt.%{d2} == meaning
lookup spf of postmaster._helo-spf1.mtxt.orionnetworks.ie == v=spf1 a:%{o} exp=_msg-helofail1.%{d3} -all
which equals
v=spf1 a:bigsvr.orionnetworks.ie exp=_msg-helofail1.mtxt.orionnetworks.ie -all

ie allowed in helo from any ip pointed to be the A of bigsvr.orionnetworks.ie
so passes spf with positive result
(yes my spf is convoluted)

next for extra points if the receiver checks to see if i have anti-ratware deployed on my ips
they lookup the spf of the guessable name hosting.orionnetworks.ie and see v=spf1 -all
ie the ptr name is explicitly dissolowed
(just like all the ptr names within all my networks to ensure ratware won't ever get by spf checks)

this is all spelled out on http://www.alandoherty.net/mailservers/

yes many receivers do not bother (or even have the software to try) to look at the relative credibility of senders, but those that do the extra checks get less spam, and thus their number will only continue to grow

when setting up your ptr to point at a unique name that points back at its own ip is costless
and when configuring a unique helo-name to point at its own ip(s) is equally costless

why not be a sender that can clear the highest raised bar and thus dosn't stand in the way of progress
(as only by most senders raising the bar can the more timid receivers start to raise theirs also)

and only by us all raising the bar can we ever hope to clean up the mail ecosystem



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101109150836:2414C3E4-EC3D-11DF-B741-7854F559ED1D
Powered by Listbox: http://www.listbox.com