SPF breaks email forwarding

[Marc Perkel]

Michael Scheidell wrote: -----Original Message----- From: Graham Murray [mailto:[EMAIL PROTECTED]] Sent: Monday, July 24, 2006 7:44 AM To: users@spamassassin.apache.org Subject: Re: New DNS Black list, White List, Yellow List Ramprasad <[EMAIL PROTECTED]> writes: A lot of banks/legitimate bulk email senders change their relay server. Many reasons for that. The most common is that they use a third party to relay their mails and these would keep changing Especially for banks and other high risk phishing targets, it would be much better if they did not do this. If all banks etc sent mail from a server whose IP address whose rDNS is xxx.bank.com and where xxx.bank.com resolves to the IP address from which the mail is sent, then it would considerably easier to detecting phishing and greatly improve the security for their customers. Even if the banks used spf hardfail, it would at least stop phishing to ISP's ans servers that knew about SPF. (you could bump SPF_HARDFAIL score to 15, or use spf to block offending connection right in postfix!) Except = SPF breaks email forwarding. It requires that the world change how email is forwarded and that's not going to happen. Thus if a bank has a hard fail and someone with an account on my server gets email from an account that is forwarded then my server sees the email as coming from an illegitimate source.