[Techtalk] spf and mail

Maria McKinley maria at shadlen.org
Sat Mar 17 06:42:37 UTC 2007


Kathryn Hogg wrote:
> Maria McKinley wrote:
>> Sounds like you followed it pretty well to me! Thanks! I think this is
>> exactly my problem. The offender is the University of Washington, and
>> they have already told me that they have no intention of publishing an
>> SPF record, and I expect they won't be any more enthusiastic about
>> re-writing the sender address. So, is there a way to figure out what
>> mail has been forwarded and exclude it from SPF testing? The email link
>> of Stuart Gathman's opinion seemed to imply this was possible, but
>> didn't explain how. Any ideas?
> 
> I don't think the problem is whether or not the U of Washington is
> publishing an SPF record or not.  The problem is that if they do very
> simple mail forwarding, it looks like mail sent from your server is being
> delivered by a machine on their network.  In other words, the mail is from
> your domain but it fails an SPF check because the IP address it is coming
> from is not listed in your SPF record.
> 
> As the page Mary pointed you to says, they need to remail the message not just
> forward it.  If they remail the message it will be from the U of
> Washington and will be allowed to be delivered because they don't publish
> an spf record.
> 
> If it's just one or two servers that cause this problem, you can add their
> MX servers to your SPF list but that means anything sent from them can
> pretend to be you and still be SPF compliant.
> 
> 

Sorry, I think I wasn't very clear. I didn't mean that I thought that 
their publishing an SPF record would solve my problem; I had asked them 
if they would for a different reason. I only meant that they were so 
unhelpful with that, that I thought it was unlikely they would consider 
doing anything else either.

The problem is a bit more complicated than what I have gotten across. 
The message on these emails is not that the ip is not listed for the spf 
record of my domain, but that my domain does not have an spf record at 
all! I have my spf record set to soft fail if the ip doesn't match, but 
it doesn't seem to be checking my spf record at all, and this is what I 
really don't understand. And this means that adding the ips to my spf 
record is unlikely to help.

thanks for the help,
maria
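
Added example, not part of the original message: a simplified SPF evaluator (only the ip4 and all mechanisms) run over the cases discussed in this thread: direct delivery, plain forwarding, remailing, and listing the forwarder's address in the sender's record. The domains, addresses and the TXT table are constructed placeholders. A result of "none" means no record was found for the domain that was actually looked up, which is a different outcome from "softfail".

```python
import ipaddress

# Constructed sample data: TXT records as a resolver might return them.
# All domains and addresses are documentation placeholders, not from the thread.
TXT = {
    "sender.example": "v=spf1 ip4:192.0.2.10 ~all",
    # "forwarder.example" publishes no SPF record at all.
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from, txt=TXT):
    """Simplified SPF check on the envelope sender (ip4 and all only)."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published for the domain that was checked
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


def scenarios():
    forwarder_ip = "198.51.100.25"  # constructed address of the forwarding host
    widened = {"sender.example": "v=spf1 ip4:192.0.2.10 ip4:198.51.100.25 ~all"}
    return {
        # Sender's own server delivers the mail.
        "direct": check_spf("192.0.2.10", "user@sender.example"),
        # Forwarder relays it and keeps the original envelope sender.
        "forwarded": check_spf(forwarder_ip, "user@sender.example"),
        # Forwarder remails it under its own domain, which has no record.
        "remailed": check_spf(forwarder_ip, "alias@forwarder.example"),
        # Forwarder's address added to the sender's record: any mail it
        # relays with this domain as envelope sender now passes.
        "forwarder_listed": check_spf(forwarder_ip, "anyone@sender.example", widened),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:17} {result}")
```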

