On Fri, 25 Apr 2014 06:55:48 -0700, you wrote: >On Thu, Apr 24, 2014 at 11:13 AM, Ashish SHUKLA <[email protected]> wrote: > >> On Sat, 19 Apr 2014 08:26:59 +0200, Martin Braun <[email protected]> >> said: >> > Hi >> >> > I was thinking about adding DKIM and SPF to my OpenSMTPD setup as I >> > have previously run with those, but I am in doubt. >> >> > I am thinking about the "worth" of those technologies? >> >> > I used to think SPF was a good idea, but SPF fails if someone forwards >> > email to another server. Then the forwarding server is not listed in >> > the SPF entry and the destination mail server will reject the email. >> >> SRS[1][2]. >> >> References: >> [1] http://www.openspf.org/SRS >> [2] http://www.libsrs2.org/ >> >> SPF itself is a decent idea this was just bound to happen since it makes >the assumption that all valid mail from a domain >only comes from servers that the domain knows about which may not >necessarily be the case (see mailing lists) but this is >one of the reasons to use both DKIM and SPF. generally if one passes it >scores high enough to cancel out that the other failed. >DKIM is supposed to prove that messages are authentic, not SPF. SPF is >setup to prove that a sending server has the right >to send on behalf of a domain. They really are meant to work hand in hand >and solve different problems. So if you were using DKIM and SPF >SRS would not be an issue since the DKIM info in the header proves the >message came from a valid source.
Unfortunately the whole point of SPF (unlike Sender-ID which works much better and on much the same principles) is that you can reject the message before receiving it so you wouldn't have the DKIM stuff (which I think requires you to have the entire message?). JC -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
