On Wed, Jul 6, 2011 at 02:38, Ted Cooper <[email protected]> wrote:
> On 05/07/11 21:54, Jan Ingvoldstad wrote:
> > On a general basis, I recommend against using SPF, but if one "must" use
> > SPF, remember to NOT set it restrictively.
> >
> > That is: never, ever use "-all" or similar constructs that restrict message
> > handling to a few hosts, unless you are absolutely certain that messages
> > will NEVER exit your private/company network.
> >
> > Pain ensues if it does.
>
> That's generally the idea of SPF though

To ensure pain? It certainly seems so.

> - tell the world where your
> email is allowed to come from, and anyone else is forging your domain
> can be safely dropped on the floor.

But it's not about "forging your domain" if the message is resent, e.g. if someone has the e-mail address [email protected], which is resent to [email protected] and [email protected].

> I've been running SPF on all my domains for many years now (when did it
> come out again?) because I only allow emails to be sent via SMTP
> AUTH. I've even got most of the client domains configured this way.

Congratulations, you have a setup that guarantees delivery problems.

> The only problem I've had recently was a parent company of one of my
> clients forwarding emails without SRS. Semi-legitimate and yet easy to
> fix because of the business relationship.

No, SRS is not "easy to fix", sorry. It's a hack that's required by another ugly hack (SPF).

Good luck with getting everyone to use SRS the way the SPF evangelists want to.

In the meantime, SPF with "-all" breaks email. Just don't, please.

</soapbox> - and apologies for probably being off-topic again.

--
Jan
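
The forwarding case argued over in this thread, as an added example that is not part of the original messages: a minimal SPF evaluator (only the `ip4` and `all` mechanisms) applied to a direct delivery, to the same message relayed with its envelope sender unchanged, and to the relayed message after a simplified SRS0-style rewrite. All domains, addresses and the secret are constructed, and the SRS hash is illustrative rather than a full SRS implementation.

```python
import hashlib
import hmac
import ipaddress

# Constructed SPF records (reserved example domains, RFC 5737 addresses).
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/28 -all",
    "relaxed.example": "v=spf1 ip4:192.0.2.0/28 ~all",
    "forwarder.example": "v=spf1 ip4:198.51.100.25 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, mail_from):
    """Evaluate the envelope sender's SPF record against the connecting IP.
    Handles only ip4 and all, which is enough for the forwarding case."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism == "all":
            return RESULTS[qualifier]
        if mechanism.startswith("ip4:"):
            if ip in ipaddress.ip_network(mechanism[4:], strict=False):
                return RESULTS[qualifier]
    return "neutral"

def srs_rewrite(mail_from, forwarder_domain, secret, timestamp="AB"):
    """Simplified SRS0-style rewrite: the forwarder takes over the envelope
    sender, so its own SPF record is the one the next hop checks."""
    local, domain = mail_from.rsplit("@", 1)
    mac = hmac.new(secret, f"{timestamp}{domain}{local}".encode(), hashlib.sha1)
    return f"SRS0={mac.hexdigest()[:4]}={timestamp}={domain}={local}@{forwarder_domain}"

def demo():
    sender, forwarder_ip = "alice@sender.example", "198.51.100.25"
    rewritten = srs_rewrite(sender, "forwarder.example", b"constructed-secret")
    return {
        "direct": check_spf("192.0.2.5", sender),             # sender's own host
        "forwarded": check_spf(forwarder_ip, sender),         # envelope unchanged
        "forwarded_softfail": check_spf(forwarder_ip, "bob@relaxed.example"),
        "forwarded_srs": check_spf(forwarder_ip, rewritten),  # forwarder's SPF
    }

if __name__ == "__main__":
    print(demo())
```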
