Ugo Bellavance ugob at camo-route.com
Mon Sep 25 16:34:52 IST 2006


	For those who are having or recommending SPF records to your clients, I 
discovered something recently that may cause problems with sending to 
Microsoft Exchange 2003+ server.

 From http://en.wikipedia.org/wiki/Sender_id

"The most problematic point in the core SenderID specification is its
recommendation to interpret v=spf1 policies like spf2.0/mfrom,pra
instead of spf2.0/mfrom."

It is hard to explain in a few lines, but what means is that spf1 uses 
the "mail from" to do its SPF test.  However, if an Exchange 2k3 server 
is configured to do Sender-ID checks, it will try to use PRA (Purported 
Responsible Address) as well as mfrom.  Unfortunately, PRA is not widely 
supported, so while someone had no problems with spf1 records, sending 
to an Exchange 2k3 server (or any server that does Sender-ID checks) may 
cause problems.

The solution?

add a second TXT record:

"spf2.0/pra ?all"

or change your v-spf1 to spf2.0/mfrom



More information about the MailScanner mailing list