Doesn't SPF fail under a few circumstances?

1. When forwarding mail, such as with imail aliases. The from address would be from some other domain.tld (not local), passing through your mail server, delivered to a third party domain.tld (such as AOL). Since your server is not listed in SPF for the other domain.tld (not local), it will fail SPF.

>> Yep it fails. And should. Why are you relaying for a domain that hasn't authorized you as a relay?

DC> When a customer decides they want to pick up their email for a domain you host for them from another email provider...so you forward to their email account with the other provider per their request. It would not be possible to contact every possible sending domain to have them add your mail server to their SPF pass list. Nor would it be possible for every domain to contact every legit relay. Based on this, it seems to me that SPF PASS should be a much more actionable result than SPF FAIL.

2. Roaming or remote users who must use their ISP's mail server to send mail because their ISP blocks port 25 (like Earthlink or Cox).

>> No. It is our responsibility to allow inbound traffic on another port, say 2525 or some such business that is not blocked auto. Users already are used to filling out server info as it is and one more thing, the port, isn't adding too much.

DC> If we block port 25 and everyone switches to port 2525, then spammers just switch to 2525. Port blocking doesn't seem to be the answer. Authentication is a much better answer. Yes, port blocking would help eliminate open proxies, but we already have good DNSBLs to cover that.

If we have a local domain with a remote user on Earthlink who sends mail from [EMAIL PROTECTED] but sends it through the Earthlink mail servers, delivered to a third party domain.tld (such as AOL) it will fail SPF since the Earthlink mail server is not listed in our local SPF record.

>> Yeah, don't do that. If you host, you have 'em auth through you. The correct way.

DC> This is not always possible. For example, what if the company uses a third party mailer? Or maybe they have in-house bulk mailing? If we don't want to risk them sending through us, do we just refuse them all service?

It seems to me that wide adoption of SPF will require one of the following.

1. the elimination of port 25 blocking.

>> Nope. See above.

2. Resetting all of those mail clients that are currently sending through their local ISP (because of port 25 blocking) to send through an alternate port.

>> Yep, they'll understand, and if you set up your firewall right, you can email them and give them a sunset date on port 25 of say 30 days in the future. They can change it at their convenience and voila!

DC> Forcing customers who have enough trouble just setting up SMTP Auth to now change the SMTP port is not the answer. See above and the archives for discussions on the merits, or lack of, for port blocking.

Darin.

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
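
The outcomes argued over in this thread, as an added example that is not part of the original messages: a simplified SPF check (only the ip4, ip6 and all mechanisms, no DNS lookups) run against constructed records. The domains, addresses and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed SPF records using documentation address ranges (not from the thread).
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",     # the "other domain.tld"
    "hosted.example": "v=spf1 ip4:198.51.100.10 -all",    # the locally hosted domain
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from, records=SPF_RECORDS):
    """Evaluate the envelope sender's record; ip4/ip6/all mechanisms only."""
    domain = mail_from.rpartition("@")[2].lower()
    record = records.get(domain, "")
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def thread_scenarios():
    """The receiving server sees only the connecting IP and the envelope sender."""
    return {
        # sender.example's own server delivers directly
        "direct": check_spf("192.0.2.25", "alice@sender.example"),
        # alias forward: hosting server relays, envelope sender unchanged
        "alias_forward": check_spf("198.51.100.10", "alice@sender.example"),
        # roaming user sends hosted.example mail through an ISP server
        "via_isp_relay": check_spf("203.0.113.7", "bob@hosted.example"),
        # same user authenticates to and sends through the hosting server
        "via_hosting_server": check_spf("198.51.100.10", "bob@hosted.example"),
    }


if __name__ == "__main__":
    for name, result in thread_scenarios().items():
        print(f"{name:20} {result}")
```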
