[lug] SPF filtering on outbound recipient

Zan Lynx zlynx at acm.org
Wed Feb 8 15:52:54 MST 2017


On 02/08/2017 02:55 PM, Jed S. Baer wrote:
> Hi Folks.
> 
> Any SPF experts here? I've been doing some web searching, but not finding
> directly useful information.
> 
> Problem: Jefferson County Library has declared my e-mail address invalid,
> due to lack of an SPF record. They're filtering outbound mail they're
> generating, using the recipient mail domain. This seems, at first blush,
> odd, since SPF is "sender" permission framework, rather than "recipient"
> permission framework.
> 
> The TLD cotse.net does have an SPF record, but apparently, that doesn't
> help. Maybe it should?
> 
> Is it a mis-application of SPF to filter outbound mail in this fashion?


It sounds odd to me. It might have happened if they dropped a standard
SpamAssassin setup onto their outgoing mail though. I believe the
default configurations usually set a mail host as if it controls all of
the domains it is sending mail for. Other setups are mail relays and
much more dangerous to configure.

If the TLD does have an SPF then the SPF must list the library's mail
system as a valid sender. If it isn't listed as a valid sender then all
SPF checks (SpamAssassin and others) will believe that the email is faked.

I see the record is:
> cotse.net.		900	IN	TXT	"v=spf1 +mx ptr:packetderm.com a:out.packetderm.com ~all"

I don't think any of those are Jefferson County Library.

-- 
                Knowledge is Power -- Power Corrupts
                        Study Hard -- Be Evil
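
How a receiving server would evaluate the record quoted above, as an added example that is not part of the original message. The DNS table and every IP address are constructed (documentation ranges), and only the mx, a, ptr and all mechanisms that appear in this record are handled.

```python
import ipaddress

# Record quoted in the post above.
RECORD = "v=spf1 +mx ptr:packetderm.com a:out.packetderm.com ~all"

# Constructed DNS data standing in for real lookups (assumption, not real hosts).
DNS = {
    "mx": {"cotse.net": ["mail.cotse.net"]},
    "a": {"mail.cotse.net": ["192.0.2.10"], "out.packetderm.com": ["192.0.2.25"],
          "relay7.packetderm.com": ["192.0.2.77"]},
    "ptr": {"192.0.2.77": ["relay7.packetderm.com"]},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse(record):
    """Split an SPF record into (qualifier, mechanism, argument) terms."""
    version, *terms = record.split()
    if version != "v=spf1":
        raise ValueError("not an SPF record")
    out = []
    for term in terms:
        qual = term[0] if term[0] in RESULTS else "+"  # no qualifier means "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        out.append((qual, name.lower(), arg or None))
    return out

def matches(name, arg, ip, domain):
    """True if the connecting ip satisfies one mechanism."""
    target = arg or domain
    if name == "all":
        return True
    if name == "a":
        return ip in DNS["a"].get(target, [])
    if name == "mx":
        return any(ip in DNS["a"].get(h, []) for h in DNS["mx"].get(target, []))
    if name == "ptr":
        # Reverse name must fall under target and resolve forward to the same ip.
        return any((h == target or h.endswith("." + target)) and ip in DNS["a"].get(h, [])
                   for h in DNS["ptr"].get(ip, []))
    raise ValueError(f"unsupported mechanism: {name}")

def check_host(ip, domain, record=RECORD):
    """SPF result for a connecting ip sending as domain; first match wins."""
    ip = str(ipaddress.ip_address(ip))
    for qual, name, arg in parse(record):
        if matches(name, arg, ip, domain):
            return RESULTS[qual]
    return "neutral"  # nothing matched and the record has no "all"
```

A host outside the listed mechanisms, such as the constructed 198.51.100.5, falls through to `~all` and gets `softfail`.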

