On 06/10/2010, at 12:17 PM, John Peach wrote: > On Wed, 6 Oct 2010 12:13:25 +1100 > James Gray <ja...@gray.net.au> wrote: > >> >> On 06/10/2010, at 9:37 AM, Noel Butler wrote: >> >>> On Tue, 2010-10-05 at 23:46 +0200, mouss wrote: >>>> Le 04/10/2010 23:03, Terry Gilsenan a écrit : >>>>> Configure postfix to use SPF, and setup an SPF record in DNS for that >>>>> domain. >>>>> >>>> >>>> then what? you reject mail because of spf fail? that would lead to false >>>> positives... >>>> >>>> >>> >>> We've used it for years, had very little complaints, maybe half a dozen in >>> all that time. >>> SPF is a "must use" IMHO, and by use of "-all" ... providing you >>> configure your DNS correctly. >> >> ...and then a user puts in a .forward file (or equivalent) to send mail to >> another address. Now SPF if broken on the forwarded account as your mail >> server very likely doesn't have an SPF record for the original sender. >> Ooops - SPF is broken in these situations and therefore can't be used to >> arbitrarily reject messages on SPF failures. The best it can do is be added >> as a heuristic to an overall message evaluation (spamassassin et al). > > We neither publish nor use SPF records; broken by design.
Hi John, Agreed - sorry about the wording in my previous. I didn't want it to sound like "your" mail system specifically. No offence intended. Cheers, James
smime.p7s
Description: S/MIME cryptographic signature
