On Wed, 15 Jul 2015, Bowie Bailey wrote:
On 7/15/2015 4:04 PM, Kevin A. McGrail wrote:
Why is it looking for an SPF record for rrdesp.com? That is the sending
server, shouldn't it be using the domain from the From or Envelope-From
instead? This SPF check looks backwards to me. Am I missing something?
No, you are on the right path. SPF checks the envelope not the From:
Header. Without something like DKIM, the whitelist_auth likely isn't
applicable for your situation.
staplesbilling.com actually uses DKIM, but it always comes up as invalid by
the time SA sees it, so that isn't particularly useful. I managed to get my
MTA to add a Received-SPF header, but SA ignores it - presumably because the
MTA puts it at the bottom of the headers rather than inline with the Received
headers.
Why doesn't SA check SPF for the From header? Isn't the whole point of SPF
to be able to link the From address to a list of servers allowed to send mail
from that address?
It wants to check the SMTP envelope-From address, -not- the header-From address.
At SMTP transport time, the header-From address isn't available.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
