New warning message...

Daniel McDonald dan.mcdonald at
Tue Jul 23 12:51:56 UTC 2013

On 7/23/13 7:36 AM, "Matus UHLAR - fantomas" wrote:

>> In article <mailman.881.1374508134.20661.bind-users at>,
>> Matus UHLAR - fantomas wrote:
>>> No, it does not. If a mail gets delivered to an address which is sending it
>>> further ("forwarding it"), the envelope sender has to be changed, because
>>> it's not the original sender who sends the other mail.  Forwarding without
>>> changing envelope address is already broken, it's just people don't care
>>> without SPF.
> On 22.07.13 12:22, Barry Margolin wrote:
>> They're talking about auto-forwarding, not people resending a message
>> they received. For instance, mail to barmar at is
>> automatically forwarded by the server to my ISP email
>> address. Many people also have vanity domains with auto-forwarding
>> enabled like this.
Ok, but in this case you are trusting as a forwarder.  And it
is specific to you as the recipient, not all of the people in the world
getting your mail.  So add them to trusted-hosts and apply SPF before the
last trusted...  Problem solved.  Or add enough whitelist points to
counteract SPF problems when a /^Received.{5,40}\ header is
found in your mail.  In either case, you have to either trust your forwarder
to evaluate SPF for you and trust the SPF evaluation headers they insert, or
consider that forwarder part of your mail infrastructure and instruct your
SPF evaluator to ignore those headers.

But again, that's your choice for outsourcing part of your mail solution to
another entity.  

> ...OK this is off-topic here. However this was already discussed and the
> conclusion was that the SPF record is NOT dead. We just need enough time to
> deal with these issues.

Daniel J McDonald, CCIE # 2495, CISSP # 78281
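
The "add the forwarder to trusted hosts and evaluate SPF at the last trusted hop" approach from the message above, as an added example that is not part of the original post or of any mail filter's own code. The hostnames, addresses, `TRUSTED` list and `spf_client_ip` helper are hypothetical, and the sample message is constructed.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: mail relayed through a forwarder we trust.
# Hostnames and addresses are documentation values, not from the thread.
SAMPLE = """\
Received: from forwarder.example.org (forwarder.example.org [192.0.2.10])
\tby mx.isp.example.net with ESMTP; Tue, 23 Jul 2013 12:00:05 +0000
Received: from mail.sender.example.com (mail.sender.example.com [198.51.100.7])
\tby forwarder.example.org with ESMTP; Tue, 23 Jul 2013 12:00:01 +0000
Received: from workstation (unknown [10.1.2.3])
\tby mail.sender.example.com with ESMTPSA; Tue, 23 Jul 2013 11:59:58 +0000
From: alice@sender.example.com
To: bob@vanity.example.org
Subject: test

body
"""

# Hypothetical list of relays treated as part of our own mail infrastructure.
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]

# Client IP literal in the "from host (rdns [ip])" clause of a Received header.
FROM_IP = re.compile(r"^from\s+\S+\s+\([^)]*\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)")

def spf_client_ip(raw_message, trusted=TRUSTED):
    """Return the first connecting IP (newest hop first) outside `trusted`.

    That is the address SPF should be evaluated against. None means no
    untrusted hop could be identified, so no SPF verdict should be drawn.
    """
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        match = FROM_IP.match(header.strip())
        if not match:
            return None  # unparseable hop: stop rather than trust older headers
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None  # malformed address literal
        if not any(ip in net for net in trusted):
            return ip  # headers below this hop are sender-controlled
    return None
```

With an empty trusted list the function returns the forwarder's own address, which is the case where SPF fails for auto-forwarded mail.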
