On 10/12/2009 20:19, Marc Perkel wrote: > Sometime flawed technologies still have uses. SPF breaks email > forwarding.
You say that as though it's a statement of fact. I think a more accurate statement is, "Broken forwarding is incompatible with SPF". SPF is broken when servers which forward mail spoof the sender envelope rather than using their own. I, nor any of my users forward email from other accounts to accounts on my server. Because I know this, I *could* use strict SPF checking for rejections. Because I'm cautious, I just score on it though. Even if broken forwarding was taking place, I would still be able to use SPF as part of a whitelist mechanism. I wouldn't want to outright accept anything with a sender envelope of *[email protected] because spammers spoof it. But if I made it dependent on an SPF pass, then the spoofing problem disappears. For example, I safely whitelist the SpamAssassin users list with this simple SpamAssassin rule: whitelist_from_spf *...@*.apache.org -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ Technical Blog: https://secure.grepular.com/blog/ -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
