SPF query

Spicer, Kevin Kevin.Spicer at BMRB.CO.UK
Thu Jan 29 12:57:49 GMT 2004

Michele Neylon :: Blacknight Solutions wrote:
> I was reading up on this a bit last night and was wondering what
> others thought.
> My understanding is that SPF checks that the sender is *from* the
> domain, but how would that work in the case where the domain is split?
> ie. mail is handled in one location, web in another. The website, for
> example, generates emails to users with the From field

My understanding is slightly different.  I think you just nominate which machines are allowed to send mail for the domain.  This can be either specific hosts, all hosts in a domain, Mx's for a domain.  Thus machine.domain1.net can send mail for machine.domain2.net, so long as the SPF record for domain2.net nominates machine.domain1.net as a valid sender.

If you are talking about web forms (such as feedback forms) that ask the user for their address and when the form is submitted the web server sends a mail forging the sender address to be that the user typed in then I would say this is a misuse.  I believe (although I have not checked the standards, never having had to implement this myself) that the from address should be an account on the web server (i.e. the real 'from'), but that you could set the Reply-To header to ensure that replies are send to the address provided by the user.

BMRB International 
+44 (0)20 8566 5000
This message (and any attachment) is intended only for the 
recipient and may contain confidential and/or privileged 
material.  If you have received this in error, please contact the 
sender and delete this message immediately.  Disclosure, copying 
or other action taken in respect of this email or in 
reliance on it is prohibited.  BMRB International Limited 
accepts no liability in relation to any personal emails, or 
content of any email which does not directly relate to our 

More information about the MailScanner mailing list