OT: SPF
Ugo Bellavance
ugob at camo-route.com
Mon Sep 25 16:34:52 IST 2006
Hi,
For those who are having or recommending SPF records to your clients, I
discovered something recently that may cause problems with sending to
Microsoft Exchange 2003+ server.
From http://en.wikipedia.org/wiki/Sender_id
"The most problematic point in the core SenderID specification is its
recommendation to interpret v=spf1 policies like spf2.0/mfrom,pra
instead of spf2.0/mfrom."
It is hard to explain in a few lines, but what means is that spf1 uses
the "mail from" to do its SPF test. However, if an Exchange 2k3 server
is configured to do Sender-ID checks, it will try to use PRA (Purported
Responsible Address) as well as mfrom. Unfortunately, PRA is not widely
supported, so while someone had no problems with spf1 records, sending
to an Exchange 2k3 server (or any server that does Sender-ID checks) may
cause problems.
The solution?
add a second TXT record:
"spf2.0/pra ?all"
or change your v-spf1 to spf2.0/mfrom
Regards,
Ugo
More information about the MailScanner
mailing list