Mark Andrews wrote:

> It doesn't however mean you cannot send mail from that
> machine however. You just have to set an appropriate mail
> domain for outgoing mail.
> Rather than [EMAIL PROTECTED] the mail would come
> from [EMAIL PROTECTED] or something similar if you
> were using "MX 0 .".

JFTR, that is a nullmx for toaster.example.net, and the host toaster.example.net can send MAIL FROM [EMAIL PROTECTED] (or from almost any address excluding @toaster.example.net). Mail to <postmaster> at this host is still supposed to work. I couldn't tell without cheating (= looking into 2821bis) if that's MUSTard, SHOULD, or between the lines.

> Non deliver reports don't have to go back to the originating
> machine.

I can sing "originator as indicated in the reverse-path", in moments when JohnK would seriously wish that I don't try to sing, at least not on this list.

BTW, your example also shows another reason why "v=spf1 -all" is not the same as nullmx. The toaster.example.net MTA using this FQDN in its EHLO needs "v=spf1 a -all" (added "a") or another way to indicate that it's permitted to use this name. When it sends an NDR or any mail with an empty reverse-path receivers checking SPF look for a policy associated with the EHLO name, and that is generally recommended in RFC 4408 for the purpose of rejecting abuse of EHLO names, not limited to empty reverse-paths. Clearly nobody is forced to protect EHLO names with SPF FAIL, but if they do they better get this right.

Frank
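The EHLO-name point in the message above, as an added example that is not part of the original post: a Python sketch that evaluates a subset of SPF (only the a, ip4 and all mechanisms) for the two policies mentioned. The address 192.0.2.25, the constructed A record and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: the host name is from the message above,
# the address is an assumed value from the documentation range.
TOASTER = "toaster.example.net"
A_RECORDS = {TOASTER: ["192.0.2.25"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, policy, a_records=A_RECORDS):
    """Evaluate an SPF policy string; supports only a, ip4 and all."""
    terms = policy.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    client = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "a":
            # "a" without an argument refers to the domain being checked
            addrs = a_records.get(arg or domain, [])
            matched = any(client == ipaddress.ip_address(a) for a in addrs)
        elif name == "ip4" and arg:
            matched = client in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"               # outside this sketch's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                         # no mechanism matched


def helo_result_for_ndr(ip, ehlo_name, policy):
    """With an empty reverse-path the EHLO name is the identity checked."""
    return check_host(ip, ehlo_name, policy)


if __name__ == "__main__":
    for policy in ("v=spf1 -all", "v=spf1 a -all"):
        print(policy, "->", helo_result_for_ndr("192.0.2.25", TOASTER, policy))
```

With "v=spf1 -all" the host's own NDRs fail the EHLO check, while "v=spf1 a -all" passes them and still fails any other address presenting the same EHLO name.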
