Simple Python script as SMTP server for outgoing e-mails?

Duncan Booth duncan.booth at invalid.invalid
Tue Jul 23 12:06:44 CEST 2013


Chris Angelico <rosuav at gmail.com> wrote:
> On Tue, Jul 23, 2013 at 6:06 PM, Duncan Booth
<duncan.booth at invalid.invalid> wrote:
>> I have a very common situation where an overly strict SPF may cause
>> problems:
>>
>> Like many people I have multiple email addresses which all end up in
>> the same inbox. The one I most commonly give out to businesses
>> bounces the email unchanged to the gmail inbox that I use. That means
>> all emails I receive through that email address appear to Google to
>> have originated from the forwarding servers. An SPF record from the
>> original sender that claims to have a complete list of originating
>> servers will therefore fail validation.
> 
> Ah, there's a solution to this one. You simply use your own
> envelope-from address; SPF shouldn't be being checked for the From:
> header. Forwarding and using the original sender's address in the SMTP
> 'MAIL FROM' command is forging mail from them, so it is correct for
> that to be thrown out. The mail is coming from your own account, so
> you put your address in it, and you might even be able to put an
> uber-strict SPF record like "v=spf1 ip4:1.2.3.4 -all" which is quick
> to process and guarantees that nobody can pretend to forward mail on
> your behalf. The checks are for the *current connection*, not anything
> earlier.
> 

<sarcasm>
Excellent idea, I'll tell the email forwarding service to rewrite their 
system immediately. Or I could just tell Google to rewrite their email 
system to know about and strip off the forwarding service's headers: that's 
probably about as easy. Or maybe I could just ask you to add the  
forwarder's SPF record into your own?
</sarcasm>

I know that I could arrange things so that my emails don't trigger this 
situation, but that isn't the point. The point is that this situation 
happens quite commonly, therefore you as the sender of an email with a 
strict SPF are going to find systems rejecting emails you send that would 
get through if you have a less strict one.

That is of course your choice, but many users of email would prefer to 
maximise the chance of the email they send arriving rather than reducing 
slightly the chance of people they may not even know receiving spam.

You could also try combining SPF with DKIM although that has its own, 
different failure scenarios.

-- 
Duncan Booth



More information about the Python-list mailing list