> The SPF of molgen.mpg.de has `~all` (soft fail): > > $ dig txt molgen.mpg.de +short > "v=spf1 ip4:141.14.0.0/16 ~all"
But this is irrelevant. The envelope-from of a forwarded message is the original one - if you do not deliberately rewrite it - and in such a case, the SPF that is evaluated at the forwarding destination should be that of the original sender, nothing to do with yours. As for DKIM, if the forwarded message did not contain a DKIM signature to begin with, then your options would be 1) continuing to occasionally forward mail that is not DKIM signed at all or 2) figuring out a way to sign what is essentially random email from random third parties using your reputation, which may not be what you wanted either. > We do not want to set up DKIM due to the increased message size, Now there's a straw man if I ever saw any. If you're worrying about adding 5-15 lines to messages that frequently contain hundreds, thousands of lines, you have the luxury of having problems that nobody else has. > and complexity of key handling. Is there an alternative? You can do it. A man+dog shop (looking at the mirror) can do it, so a university department with people on the IT payroll can do it. (But you may still not want to sign mail sent by random folks on the Internet with your domain.) -- Atro Tossavainen, Chairman of the Board Infinite Mho Oy, Helsinki, Finland tel. +358-44-5000 600, http://www.infinitemho.fi/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
