On 2017 Feb 12, 18:32, Dominic Raferd wrote: > On 12 February 2017 at 12:54, Josh Good <[email protected]> wrote: > > > Well, yes, SPF breaks old-style forwarding. This is well known and > > undisputed. > > > > Many old-style SMTP "customs" no longer apply, like open relays, etc. > > > > Old-style forwarding is nowadays also known as "spoofing the sender", > > and it is seriously frowned upon, as are open relays. > > > > I understand there are people who want to keep using old-style > > forwarding, and also there are some hold-outs still having open relays > > as a matter of principle. > > I don't run an open relay and I am not sure what you mean about > 'old-style forwarding'? I am relaying so that I can deliver mails > addressed to domain-name mail addresses into my Gmail, I don't know of > any other way to do this (other than to buy G-Suite of course).
Old-style forwarding is when the forwarding MTA forwards the message re-using the original Return-Path in the SMTP envelope, instead of using its own address in the Return-Path. Because if the forwarding MTA uses its own address in the Return-Path while forwarding the email, SPF poses no problem at all. That old-style forwarding is out of style, and it is frowned upon nowadays. > For all my 'working' domains (not the one I use here) I have DMARC > p=reject, I do have SPF policy as well as DKIM, I just don't see what > SPF adds to the others. If I (or others using my domains) had to send > some emails that could not use our DKIM then it would have a purpose, > I admit. SPF is one of the underlying authentication mechanisms available to DMARC. It's hard to be OK with DMARC without being also OK with SPF. SPF helps DMARC happen. Regards, -- Josh Good
