[Mailman-Users] SPF best practices?
Mark Sapiro
mark at msapiro.net
Sun Aug 23 18:03:46 CEST 2015
On 08/23/2015 08:13 AM, Stephen J. Turnbull wrote:
>
> Executive summary: if you're sure you've got all your hosts covered by
> the SPF record, use -all as Jim P says.
There is an issue with -all. SPF does not work with .forwards or other
relaying of that nature. If you can be certain that every recipient's
final MX is the one your server sends to, then -all is OK, but you can't.
The scenario is your list member is user at example.com. user at example.com
is set to forward all mail to example_user at yahoo.com. Yahoo receives the
list post with envelope from listname-bounces at your.list.server (or
listname-bounces+user=example.com at your.list.server if VERPed) for
example_user at yahoo.com from the server at example.com. The SPF for
your.list.server doesn't allow example.com as a relay, so SPF fails at
yahoo.com.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list