Dnia 26.09.2025 o godz. 09:44:20 Sebastian Nielsen via mailop pisze: > >> The scenario was when [email protected] was sending their mail to > >> [email protected] (external to op.pl, totally different service), and > >> [email protected] in turn forwarded the mail to [email protected], the op.pl > >> server rejected the mail with a message requring authentication - because > >> it > >> Saw a sender address from op.pl domain. I think I see similar > >> misconfiguration here. > > Exactly what im saying. The third server has no way of validating "its own > hosted domain" to "itself" to what to say. > > As I made the example with "sebbe.eu" validating "127.0.0.1" against SPF. > Thats why DirectSend exist. To facilitate this type of validation.
The mail in my example was *not* coming from 127.0.0.1. It was coming from an external server (I was actually admin of that server at the time ;)). At the time when SPF did not exist, there was no separate submission service and submission was done via port 25, it was indeed hard to distinguish (although not impossible) if an incoming mail with a sender from "my own domain" is submission or a forwarded message coming from external server. But nowadays, when submission is separated from incoming mail and SPF exists, it's absolutely no problem to determine if incoming message with "my own domain" is submission, or a message coming from ouside with properly validated SPF. It's only lack of Microsoft's will to do so. -- Regards, Jaroslaw Rafa [email protected] -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
