[Mimedefang] Deadline for SPF records
Joseph Brennan
brennan at columbia.edu
Thu Aug 5 15:01:09 EDT 2004
--On Thursday, August 5, 2004 11:37 AM -0700 Matthew.van.Eerde at hbinc.com
wrote:
> Joseph Brennan wrote:
>> We published SPF a month ago for columbia.edu and found a handful of
>> systems in Europe rejecting mail with it! We changed it to ~all in
>> an attempt to tell those guys it's not required yet.
>
> So... someone was sending mail as
> From: columbia.edu
> To: someone in Europe
> Received-By: a server not listed in your SPF record
>
> but you still wanted it to go through? What was it?
One was from our user on a Verizon dialup where he was required
to send through Verizon's smtp server. He reported port 587 was
blocked so he could not do smtp auth to our server. This has
not been confirmed.
One was from an IP on campus but not routed through our smtp
server. Solution is to use our server or send with their own
subdomain in the sender address. They chose the latter.
Since this is still a proposed standard we had not publicized
its impact to our user community. MSN-Hotmail is proposing to
use it for scoring, which sounds reasonable. I was surprised
anyone would use it to reject especially at this time.
> What is recommended for things like "send this page to a friend", where
> the initiator wants to be able to have a remote machine send on his
> behalf despite an SPF to the contrary? MAIL FROM: <> From:? From: <>
> Sender:? From: <> Reply-To:?
The SPF advocates say all such systems must use an envelope sender
with their own domain in it. The header From: can still show
what human sent it. While this sounds like the right thing to do,
I wonder how fast it can really be implemented and what pain will
be caused in the meantime.
Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
More information about the MIMEDefang
mailing list