[Mimedefang] Deadline for SPF records

Joseph Brennan brennan at columbia.edu
Mon Aug 9 08:42:33 EDT 2004


> 1) it breaks mail forwarding.
> http://spf.pobox.com/faq.html#forwarding
>
> All forwarding/aliasing becomes resending?!
>
> We have plenty of "forward-only" accounts, that do not have any local
> account. Who is the sender of such virtual account -> I will receive all
> the DSNs then?!! Arrgh.

Yes that idea is shot out of the water unless you implement some
routine that would rewrite the sender.  Note that there is much
more to it than rewriting the sender: you also have to verify that
each bounce coming back in really passed through your host on its
way out, or else you're an open relay.  Proposed methods include
keeping a database or putting a code in the headers as you send.
Forwarding is going to be tough.

The better solution would be referrals like web servers do.  When
the sender host says RCPT TO: one of these addresses, you send back
a response stating the forwarding address, and the sender host then
closes the SMTP session.  But SMTP and ESMTP do not provide for
this!



> 2) it does not protect the From:
> http://spf.pobox.com/faq.html#whichfield
> Actually for many concerns of mine this is exactly what I want (that the
> From: header is set by the user as s/he wishes).
>
> But I cannot see how I setup a MUA to use this From: header and that
> envelope sender. Does somebody have some pointer to information about this
> topic?

I don't know of any MUA that allows this.  Probably (a) because it is
so hard to explain why there are two sender addresses and what they
are for and (b) ironically to prevent fakery.



> Consider the following scenario:
> You know the large Call Centers around that get phoned for support by
> customers often of many different companies.
> Move that over to email support.
> Consider an email support center named "support.com" for companies
> "companyA.com", "companyB.com" a.s.o.
> When I consider SPF right, the mails sent by the support center must use
> the envelope address "XYZ at support.com", but the recipients must see
> "XYZ at companyA.com", when doing business for company A respectively.


Well, if it is OK with you for support.com to send mail as your domain,
then you include support.com's IPs in your SPF record and it works.
They don't need to be IPs you own and their hostnames do not matter.
The sender domain is matched to that domain's SPF record.



Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
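
The sender-rewriting idea from the reply above, as an added example that is not part of the original message and is not MIMEDefang code: the forwarder stamps a keyed code into the rewritten envelope sender and accepts a bounce only if that code verifies, so it cannot be used as an open relay. The tag layout, `SECRET`, `FORWARDER` and `MAX_AGE_DAYS` are assumptions made for illustration, in the style of SRS but not a conforming implementation.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"    # assumption: per-site secret, never sent out
FORWARDER = "forwarder.example"     # assumption: the forwarding host's own domain
MAX_AGE_DAYS = 7                    # assumption: how long bounces are accepted


def _tag(day: int, domain: str, local: str) -> str:
    """Truncated HMAC binding the day stamp to the original sender."""
    msg = f"{day}={domain.lower()}={local}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def rewrite_sender(orig_sender: str, now: float) -> str:
    """Envelope sender to use when forwarding mail from orig_sender."""
    local, _, domain = orig_sender.rpartition("@")
    day = int(now // 86400)
    return f"fwd={_tag(day, domain, local)}={day}={domain}={local}@{FORWARDER}"


def bounce_target(rcpt: str, now: float):
    """Return the original sender if rcpt is a valid, fresh rewritten address.

    Returns None otherwise, so the caller can reject at RCPT TO instead of
    relaying mail for anyone who knows the address format.
    """
    local, _, domain = rcpt.rpartition("@")
    if domain.lower() != FORWARDER or not local.startswith("fwd="):
        return None
    parts = local.split("=", 4)     # fwd, tag, day, domain, original local part
    if len(parts) != 5:
        return None
    _, tag, day_s, orig_domain, orig_local = parts
    if not (day_s.isascii() and day_s.isdigit()):
        return None
    expected = _tag(int(day_s), orig_domain, orig_local)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None                 # forged or altered: never left this host
    age = int(now // 86400) - int(day_s)
    if age < 0 or age > MAX_AGE_DAYS:
        return None                 # expired: limits reuse of a harvested address
    return f"{orig_local}@{orig_domain}"
```
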







