On Thu, Apr 24, 2014 at 11:13 AM, Ashish SHUKLA <[email protected]> wrote:
> On Sat, 19 Apr 2014 08:26:59 +0200, Martin Braun <[email protected]> > said: > > Hi > > > I was thinking about adding DKIM and SPF to my OpenSMTPD setup as I > > have previously run with those, but I am in doubt. > > > I am thinking about the "worth" of those technologies? > > > I used to think SPF was a good idea, but SPF fails if someone forwards > > email to another server. Then the forwarding server is not listed in > > the SPF entry and the destination mail server will reject the email. > > SRS[1][2]. > > References: > [1] http://www.openspf.org/SRS > [2] http://www.libsrs2.org/ > > SPF itself is a decent idea this was just bound to happen since it makes the assumption that all valid mail from a domain only comes from servers that the domain knows about which may not necessarily be the case (see mailing lists) but this is one of the reasons to use both DKIM and SPF. generally if one passes it scores high enough to cancel out that the other failed. DKIM is supposed to prove that messages are authentic, not SPF. SPF is setup to prove that a sending server has the right to send on behalf of a domain. They really are meant to work hand in hand and solve different problems. So if you were using DKIM and SPF SRS would not be an issue since the DKIM info in the header proves the message came from a valid source. -- Jason Barbier | [email protected] Pro Patria Vigilans
