[NCLUG] spam help

Sean Reifschneider jafo at tummy.com
Sun Sep 10 21:00:11 MDT 2006


On Sun, Sep 10, 2006 at 04:21:29PM -0600, Jake Edge wrote:
>>This link seems to be a few printed pages which say "It breaks forwarding".
>
>'breaks forwarding' is a pretty powerful argument ...

Except that it doesn't break forwarding.

It only breaks forwarding if a user forwards mail on to an server that
enforces SPF, but they do not forward using the SPF-compatible forwarding
(SRS).  In other words, the recipient has full control of this, and it only
breaks in the case where the forward destination is using SPF.

>Unfortunately, SPF does not provide you any control over your domain ... 
>it allows you to publish information about where your domain sends mail 
>from, it leaves it up to others to decide whether to do anything about 
>it (or even check it) ...

Which I consider control.  Before SPF, there was *NOTHING* I could do to
prevent someone from hijacking my domain.  Now I have the ability to
publish the legitimate senders, which other people can listen to.  Of
course I can't FORCE others to listen, but if a recipient cares about not
getting forged messages, they can enable SPF.

>domains that do strict SPF checking (presumably yours for instance) may 
>reject perfectly legitimate forwarded email ...

Again, as I said before, this is only if *I* configure forwarding and do it
improperly.  However, we don't tend to forward other domains, unless they
are our own domains, which, you know, exist on this same server and so
forwarding doesn't go through the SMTP-time SPF checks.

>problems and it breaks standard email practice of 20 years or more ...

No, it doesn't.  If you deliberately break your forwarding, you get to keep
both pieces.  That's pretty much the way e-mail has always worked...

Thanks,
Sean
-- 
 Home is where your source is.  -- Sean Reifschneider, 1999
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
      Back off man. I'm a scientist.   http://HackingSociety.org/




More information about the NCLUG mailing list