Re: SPF breaks email forwarding

[ha...@t-online.de]

Domainkeys does less harm to forwarded messages than spf - a forwarder just has to put
a Sender: header there, rother than implement srs

Wolfgang Hamann

>> 
>> Michael Scheidell wrote:
>> >> -----Original Message-----
>> >> From: Graham Murray [mailto:graham@gmurray.org.uk] 
>> >> Sent: Monday, July 24, 2006 7:44 AM
>> >> To: users@spamassassin.apache.org
>> >> Subject: Re: New DNS Black list, White List, Yellow List
>> >>
>> >>
>> >> Ramprasad <ra...@netcore.co.in> writes:
>> >>
>> >>     
>> >>>  A lot of banks/legitimate bulk email senders  change their relay 
>> >>> server. Many reasons for that. The most common is that they use a 
>> >>> third party to relay their mails and these would keep changing
>> >>>       
>> >> Especially for banks and other high risk phishing targets, it 
>> >> would be much better if they did not do this. If all banks 
>> >> etc sent mail from a server whose IP address whose rDNS is 
>> >> xxx.bank.com and where xxx.bank.com resolves to the IP 
>> >> address from which the mail is sent, then it would 
>> >> considerably easier to detecting phishing and greatly improve 
>> >> the security for their customers.
>> >>     
>> >
>> > Even if the banks used spf hardfail, it would at least stop phishing to
>> > ISP's ans servers that knew about SPF.
>> >
>> > (you could bump SPF_HARDFAIL score to 15, or use spf to block offending
>> > connection right in postfix!)
>> >   
>> 
>> Except = SPF breaks email forwarding. It requires that the world change 
>> how email is forwarded and that's not going to happen. Thus if a bank 
>> has a hard fail and someone with an account on my server gets email from 
>> an account that is forwarded then my server sees the email as coming 
>> from an illegitimate source.
>> 
>>