On Wed, 6 Oct 2010 12:13:25 +1100 James Gray <ja...@gray.net.au> wrote:
>
> On 06/10/2010, at 9:37 AM, Noel Butler wrote:
>
> > On Tue, 2010-10-05 at 23:46 +0200, mouss wrote:
> >> On 04/10/2010 23:03, Terry Gilsenan wrote:
> >>> Configure postfix to use SPF, and set up an SPF record in DNS for that
> >>> domain.
> >>>
> >>
> >> then what? you reject mail because of spf fail? that would lead to false
> >> positives...
> >>
> >
> > We've used it for years, had very few complaints, maybe half a dozen in
> > all that time.
> > SPF is a "must use" IMHO, and by use of "-all" ... providing you
> > configure your DNS correctly.
>
> ...and then a user puts in a .forward file (or equivalent) to send mail to
> another address. Now SPF is broken on the forwarded account as your mail
> server very likely doesn't have an SPF record for the original sender. Ooops
> - SPF is broken in these situations and therefore can't be used to
> arbitrarily reject messages on SPF failures. The best it can do is be added
> as a heuristic to an overall message evaluation (spamassassin et al).

We neither publish nor use SPF records; broken by design.

>
> Cheers,
>
> James

--
John
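The forwarding case discussed in this thread, as an added example that is not part of any poster's message: a small SPF evaluator (only the `ip4` and `all` mechanisms) run against a direct delivery and a `.forward` relay, comparing hard rejection on fail with scoring the result as one heuristic. The domains, IP addresses, weight and threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample data: published SPF policies (RFC 5737 documentation ranges).
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "nospf.example": None,  # domain that publishes no SPF record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(mail_from_domain, client_ip, records=SPF_RECORDS):
    """Evaluate ip4 and 'all' mechanisms only; returns an SPF result name."""
    record = records.get(mail_from_domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qual]
        elif term == "all":
            return QUALIFIERS[qual]
    return "neutral"

def reject_on_fail(result):
    """Policy A: reject outright on an SPF fail."""
    return "reject" if result == "fail" else "accept"

def score_as_heuristic(result, other_score, threshold=5.0, spf_fail_weight=1.0):
    """Policy B: SPF fail adds to a content score (weight/threshold are assumed)."""
    total = other_score + (spf_fail_weight if result == "fail" else 0.0)
    return "reject" if total >= threshold else "accept"

DIRECT_HOP = "192.0.2.25"     # sender.example's own outbound server
FORWARD_HOP = "198.51.100.7"  # server applying a .forward; MAIL FROM is unchanged

if __name__ == "__main__":
    for label, ip in (("direct", DIRECT_HOP), ("forwarded", FORWARD_HOP)):
        result = check_spf("sender.example", ip)
        print(label, result, reject_on_fail(result),
              score_as_heuristic(result, other_score=0.5))
```

The forwarded message is legitimate mail, yet the final receiver sees the forwarder's IP with the original envelope sender, so `-all` yields `fail`.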