1. When forwarding mail, such as with imail aliases. The from address would be from some other domain.tld (not local), passing through your mail server, delivered to a third party domain.tld (such as AOL). Since your server is not listed in SPF for the other domain.tld (not local), it will fail SPF.
>> Yep it fails. And should. Why are you relaying for a domain that hasn't authorized you as a relay?

You are not relaying for a domain that hasn't authorized you as a relay.

1. [EMAIL PROTECTED] sends mail to [EMAIL PROTECTED]
2. [EMAIL PROTECTED] has their preferences set to forward the mail to [EMAIL PROTECTED] OR maybe [EMAIL PROTECTED] is an alias set up to forward to [EMAIL PROTECTED]
3. The FROM address of the email is [EMAIL PROTECTED] but the last MTA is yours (localdomain.tld). localdomain.tld is not and of course should not be listed in the SPF for somedomain.tld, so the forwarded mail would fail the SPF.

I think that the use of aliases and forwarding is pretty common. Perhaps I should not allow our users to forward their mail until I have been "authorized" by every domain holder in the world to forward (relay) mail from them.

----- Original Message -----
From: "Dave Heritage" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 24, 2004 12:30 PM
Subject: RE: [IMail Forum] OT: SPF

Doesn't SPF fail under a few circumstances?

1. When forwarding mail, such as with imail aliases. The from address would be from some other domain.tld (not local), passing through your mail server, delivered to a third party domain.tld (such as AOL). Since your server is not listed in SPF for the other domain.tld (not local), it will fail SPF.

>> Yep it fails. And should. Why are you relaying for a domain that hasn't authorized you as a relay?

2. Roaming or remote users who must use their ISP's mail server to send mail because their ISP blocks port 25 (like Earthlink or Cox).

>> No. It is our responsibility to allow inbound traffic on another port, say 2525 or some such business that is not blocked auto. Users already are used to filling out server info as it is and one more thing, the port, isn't adding too much.

If we have a local domain with a remote user on Earthlink who sends mail from [EMAIL PROTECTED] but sends it through the Earthlink mail servers, delivered to a third party domain.tld (such as AOL) it will fail SPF since the Earthlink mail server is not listed in our local SPF record.

>> Yeah, don't do that. If you host, you have 'em auth through you. The correct way.

It seems to me that wide adoption of SPF will require one of the following.

1. the elimination of port 25 blocking.

>> Nope. See above.

2. Resetting all of those mail clients that are currently sending through their local ISP (because of port 25 blocking) to send through an alternate port.

>> Yep, they'll understand, and if you set up your firewall right, you can email them and give them a sunset date on port 25 of say 30 days in the future. They can change it at their convenience and voila!

Dave

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
