Simple Python script as SMTP server for outgoing e-mails?

Duncan Booth duncan.booth at invalid.invalid
Tue Jul 23 10:06:00 CEST 2013


Chris Angelico <rosuav at gmail.com> wrote:

> On Tue, Jul 23, 2013 at 12:08 AM, Michael Torrie <torriem at gmail.com>
> wrote: 
>> On 07/22/2013 06:51 AM, Chris Angelico wrote:
>>>> Thanks for the tip. I didn't know about SPF
>>>> http://en.wikipedia.org/wiki/Sender_Policy_Framework
>>>
>>> It's a great way of detecting legit vs forged mail. If anyone tries
>>> to send mail purporting to be from anything at kepl.com.au and the
>>> receiving mail server is checking SPF records, it'll be rejected
>>> after one cheap DNS lookup. It's a simple and cacheable way to ask
>>> the owning server, "Is this guy allowed to send mail for you?". (The
>>> 192.168 block in my SPF record above is permitted to allow some
>>> intranet conveniences; omit it unless you need it.)
>>
>> Yes setting SPF records will help your mail be accepted by other
>> servers, but I disagree with your appeal to make mail server SPF
>> handling as strict as your server does. SPF has problems in a number
>> of situations which could cause legitimate mail to be rejected.  In
>> my last job I could only use SPF as one spam factor, not as a basis
>> for rejection. 
> 
> If legit mail is rejected for failing an SPF check, it's the sending
> admin's problem, not yours. You should never have problems with it if
> it's set up correctly. And since rejected mail gets reported to the
> transmitting MTA, you don't need to drop it in a spambox or anything.
> It's not spam, it's simply invalid mail (equivalent to something sent
> to a dud address).
> 
If you want your emails to have the best chance of arriving your SPF should 
list servers you use but not deny that there might be others.

I have a very common situation where an overly strict SPF may cause 
problems:

Like many people I have multiple email addresses which all end up in the 
same inbox. The one I most commonly give out to businesses bounces the 
email unchanged to the gmail inbox that I use. That means all emails I 
receive through that email address appear to Google to have originated from 
the forwarding servers. An SPF record from the original sender that claims 
to have a complete list of originating servers will therefore fail 
validation.

It isn't Google's fault: they can't ignore the forwarding step otherwise 
spammers could bypass SPF simply by claiming to be forwarding the emails. 
It is simply a limitation of the SPF protocol. Fortunately they only use 
SPF as one indicator so real messages still get through.

-- 
Duncan Booth



More information about the Python-list mailing list