[Mailman-Users] SPF best practices?

Mark Sapiro mark at msapiro.net
Sun Aug 23 18:03:46 CEST 2015

On 08/23/2015 08:13 AM, Stephen J. Turnbull wrote:
> Executive summary: if you're sure you've got all your hosts covered by
> the SPF record, use -all as Jim P says.

There is an issue with -all. SPF does not work with .forwards or other
relaying of that nature. If you can be certain that every recipient's
final MX is the one your server sends to, then -all is OK, but you can't.

The scenario is your list member is user at example.com. user at example.com
is set to forward all mail to example_user at yahoo.com. Yahoo receives the
list post with envelope from listname-bounces at your.list.server (or
listname-bounces+user=example.com at your.list.server if VERPed) for
example_user at yahoo.com from the server at example.com. The SPF for
your.list.server doesn't allow example.com as a relay, so SPF fails at

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list