New warning message...
Daniel McDonald
dan.mcdonald at austinenergy.com
Tue Jul 23 12:51:56 UTC 2013
On 7/23/13 7:36 AM, "Matus UHLAR - fantomas" wrote:
>> In article <mailman.881.1374508134.20661.bind-users at lists.isc.org>,
>> Matus UHLAR - fantomas wrote:
>>> No, it does not. If a mail gets delivered to address, which is sending it
>>> further ("forwarding it"), the envelope sender has to be changed, because
>>> it's not the original sender who sends the another mail. Forwarding without
>>> changing envelope address is already broken, it's just people don't care
>>> without SPF.
>
> On 22.07.13 12:22, Barry Margolin wrote:
>> They're talking about auto-forwarding, not people resending a message
>> they received. For instance, mail to barmar at alum.mit.edu is
>> automatically forwarded by the alum.mit.edu server to my ISP email
>> address. Many people also have vanity domains with auto-forwarding
>> enabled like this.
>
Ok, but in this case you are trusting alum.mit.edu as a forwarder. And it
is specific to you as the recipient, not all of the people in the world
getting your mail. So add them to trusted-hosts and apply spf before the
last trusted... Problem solved. Or add enough whitelist points to
counteract SPF problems when a /^Received.{5,40}\balum.mit.edu/ header is
found in your mail. In either case, you have to either trust your forwarder
to evaluate SPF for you and trust the SPF evaluation headers they insert, or
consider that forwarder part of your mail infrastructure and instruct your
spf evaluator to ignore those headers.
But again, that's your choice for outsourcing part of your mail solution to
another entity.
> ...OK this is off-topic here. However this was already discussed and the
> conclusion was that the SPF record is NOT dead. We just need enough time to
> deal with these issues.
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281
More information about the bind-users
mailing list