5

I run an SMTP server with SPF enabled, and I need to email users from a list of academic addresses. Thing is, these addresses are used to forward emails to the end user. And SPF breaks forwarding, as I figured out the hard way (554 5.7.9 errors from Yahoo).

As far as I can think, I am left with few options :

  1. Ask sysadmins to implement SRS or other workarounds.
  2. Add these MX domains as authorized SPF domains ;
  3. (Temporarily ?) disable SPF.

All these options have serious downsides. Are there other options ?

Skippy le Grand Gourou
  • 1,205
  • 17
  • 24

2 Answers2

2

SPF is broken there, so the only reasonable policy is a mx ?all. Anything else will result in a long list of whitelisted or blacklisted ips.

allo
  • 1,620
  • 2
  • 22
  • 39
  • Yes, that's actually what I meant by "disabling SPF", since I read in many places that in practice the only useful SPF policy was `-all`. The main downside of this option is that it may increase the probability of my emails being flagged as spam (since my domain name has almost no history, some already do anyway…). – Skippy le Grand Gourou Mar 29 '17 at 20:12
  • 1
    ``-all`` would be one of the best options, if SPF could actually work this way, what isn't the case with how e-mail works. You may get some points for ``a mx ?all``, as you're at least sending from a whitelisted ip. You won't stop people spamming in your name. Add DKIM to your server and setup a DMARC record. If your ip has too bad reputation, you may need to use the hotmail support form as well. They are very strict. – allo Mar 30 '17 at 19:43
  • 1
    Any suggestions on `~all` vs `?all` – hultqvist Sep 12 '17 at 10:05
1

As far as I'm aware, the only option is SPF Sender Rewriting Scheme.

mythofechelon
  • 905
  • 3
  • 24
  • 42