On Sat, Jan 14, 2023 at 04:55:45PM +0100, Matus UHLAR - fantomas wrote: > On 14.01.23 11:02, Chris Green wrote: > >I use postfix on my home server and deliver mail by connecting to my > >hosting providers' "smart host" using authenticated SMTP. > > > >My home system's hostname is zbmc.eu but I don't use that domain in my > >E-Mail address, I use isbd.co.uk which domain is hosted at one of my > >hosting providers (mythic-beasts.com). > > > >However most of the time I use my hosting at gandi.net to send my > >E-Mail, so mail from ch...@isbd.co.uk originates on zbmc.eu, is > >transferred by authenticated SMTP to mail.gandi.net and is sent on > >from there to whatever its destination is. > > >As I understand it the SPF records for mail.gandi.net purely confirm > >to a receiving mail server that the mail is coming from mail.gandi.net > >and reverse DNS look-up confirms that it really is mail.gandi.net. > >Have I got that right? > > SPF records for mail.gandi.net are checked when someone sends mail from > @mail.gandi.net (you don't) or when server introduces itself as > mail.gandi.net (I assume yours introduces as zbmc.eu). > Yes, my server's postfix is on zbmc.eu but since the connection to Gandi is authenticated I assume Gandi will accept my E-Mails anyway.
> so, you should not care about SPF record for mail.gandi.net but for SPF > record for isbd.co.uk > How does isbd.co.uk's SPF record get involved, it's hosted at Mythic Beasts so never sees my E-Mails sent from zbmc.eu to Gandi. > >I.e. the fact that the mail's From: is not > >connected in any way to the SPF record is irrelevant. The SPF record > >simply confirms the SMTP relay host's IP and that it is meant to be > >relaying mail for that IP. > > Header From: is irelevant with SPF. > > Envelope from: is relevant and "isbd.co.uk" should have SPF record > including mail.gandi.net or whatever mail.gandi.net admins tell you to > include in SPF. > As above, I don't see how isbd.co.uk's SPF record gets involved at all, isbd.co.uk is hosted at mythic-beasts.com. I have another (unrelated) domain registered at Gandi (that I thus have a password there that I use to autheticate the connection from zbmc.eu) -- Chris Green