On Tuesday 10 April 2007 12:25, Tony Finch wrote: > On Tue, 10 Apr 2007, Magnus Holmgren wrote: > > SPF doesn't break forwarding if employed carefully. Mail isn't forwarded > > totally randomly; in sane configurations a user U tells a system A to > > forward his mail to system B. If B wants to enforce SPF, they have to > > allow U to tell them about this forwarding, so that an exception can be > > made. > > It's unreasonable to expect users to do this.
Not more so than expecting them to choose good passwords...(?)
The hard part would be getting the message to them and getting them to
understand it. Setting it up can be automated in the following manner:
1. U tells A to forward mail to [EMAIL PROTECTED] (how this is
done is of course outside the scope of A). "+whatever" can be optional, but
recommended, and chosen by the user.
2. U sends off a mail to [EMAIL PROTECTED] using B's submission server.
3. B recognises the mail when it comes back and uses the available information
to construct an as good exception as possible.
No harder than putting together IKEA furniture, if you ask me...
Now for how to implement this with Exim...
> > Otherwise they could specify the IP addresses the forwarded mail can
> > come from (but that's complicated), or in many cases simply specifying
> > the mail address forwarded from, letting the SPF-enforcing server make
> > educated guesses, can work.
>
> That's remarkably optimistic.
You'd of course make sure that you stay on the safe (false negative) side.
--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
"Exim is better at being younger, whereas sendmail is better for
Scrabble (50 point bonus for clearing your rack)" -- Dave Evans
pgpMaFoik2X5M.pgp
Description: PGP signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
