Simple Python script as SMTP server for outgoing e-mails?
duncan.booth at invalid.invalid
Tue Jul 23 12:06:44 CEST 2013
Chris Angelico <rosuav at gmail.com> wrote:
> On Tue, Jul 23, 2013 at 6:06 PM, Duncan Booth
<duncan.booth at invalid.invalid> wrote:
>> I have a very common situation where an overly strict SPF may cause
>> Like many people I have multiple email addresses which all end up in
>> the same inbox. The one I most commonly give out to businesses
>> bounces the email unchanged to the gmail inbox that I use. That means
>> all emails I receive through that email address appear to Google to
>> have originated from the forwarding servers. An SPF record from the
>> original sender that claims to have a complete list of originating
>> servers will therefore fail validation.
> Ah, there's a solution to this one. You simply use your own
> envelope-from address; SPF shouldn't be being checked for the From:
> header. Forwarding and using the original sender's address in the SMTP
> 'MAIL FROM' command is forging mail from them, so it is correct for
> that to be thrown out. The mail is coming from your own account, so
> you put your address in it, and you might even be able to put an
> uber-strict SPF record like "v=spf1 ip4:188.8.131.52 -all" which is quick
> to process and guarantees that nobody can pretend to forward mail on
> your behalf. The checks are for the *current connection*, not anything
Excellent idea, I'll tell the email forwarding service to rewrite their
system immediately. Or I could just tell Google to rewrite their email
system to know about and strip off the forwarding service's headers: that's
probably about as easy. Or maybe I could just ask you to add the
forwarder's SPF record into your own?
I know that I could arrange things so that my emails don't trigger this
situation, but that isn't the point. The point is that this situation
happens quite commonly, therefore you as the sender of an email with a
strict SPF are going to find systems rejecting emails you send that would
get through if you have a less strict one.
That is of course your choice, but many users of email would prefer to
maximise the chance of the email they send arriving rather than reducing
slightly the chance of people they may not even know receiving spam.
You could also try combining SPF with DKIM although that has its own,
different failure scenarios.
More information about the Python-list