On Mon, 3 Apr 2006, Ian Eiloart wrote: > You can't whitelist a mail domain because anyone can use it. > However, if you could tie down the legitimate servers for a domain > that you trust, then you could whitelist those servers (at least for > mail from that domain). That's what SPF lets you do. > > Of course, not all email from that domain will come from those > servers, [...]
Indeed. We got an email exchange with our postmaster address, which descended into a quite abusive tone from the other side, because we had rejected[1] mail which was presenting a *.gov email address in the envelope-sender, but was being sent from a dynamic DSL address at one of the major US spam-source providers. Apparently, the sender was of the opinion that we *had* to trust his *.gov envelope sender address, no matter what mail relay he was using. Amongst his excuses was the claim that, because that particular service provider was the only one serving his home area, he had no possibility of sending mail from home in any other way. I could only conclude that if his .gov institution was so distrustful of his service provider that they wouldn't let him send his *.gov mail via their mail system, it was hard to understand why we were expected to be any more tolerant...? (No, I don't have a solution; I'm just sharing a scenario which we had to deal with, so that others might be prepared for it if it happens to them.) best regards [1] the rejection report indeed directs bona fide senders to contact the unfiltered postmaster address. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
