[Gllug] Configuring SPF to cope with secondary incoming mail servers

[Bruce Richardson]

On Tue, Dec 05, 2006 at 10:22:59AM +0000, Jason wrote:
> On Mon, 4 Dec 2006, Bruce Richardson wrote:
> 
> > Do they claim that in the From: header?  Because that's irrelevant to
> > SPF.  What is the envelope sender?
> 
> SPF does not itself look anywhere in the message. SPF is just a DNS record 
> that you can check against and it's up to whatever glue you use in your 
> filtering process as to which data points on the message are checked 
> against it.

Yes, but the original intention of SPF was validation of the envelope
sender.  That's the only thing it can be used for with any reliability
at all.  The failure to understand this by many SPF advocates has lead
to more headaches for mail system administrators, not fewer.

> 
> Certainly the envelope sender *should* be checked but it may also be worth 
> checking the From header so long as you understand that neither on it's 
> own is sufficient to reject a message.

Any checking you do there is broken by mailing lists (and other things
but mailing lists provide the simplest example).  If you are
administering your own personal mail server then you may (I would not)
find it worth your while to special case every mailing list that you are
on.  If you are adminning a mail server that serves others, then you are
just asking to be creating false positives for them.

-- 
Bruce

Bitterly it mathinketh me, that I spent mine wholle lyf in the lists
against the ignorant.  -- Roger Bacon, "Doctor Mirabilis"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20061205/9e652340/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug