![](https://seccdn.libravatar.org/avatar/aea1d8248292e6482742234c5cb514de.jpg?s=120&d=mm&r=g)
On 2020/02/26 01:19, Per Jessen wrote:
In his DNS, Paul has set up an SPF record for his domain "paul-neuwirth.nl". This record is public and informs everyone which server is allowed to send mails from "@paul-neu...". It also says what to do when mails are sent from a server not listed.
When Paul posts to this list:
a) ...
e) Yahoo does an SPF check, which fails as the mail from @paul-neu... is now being sent by mx.suse.de which is not listed in the SPF record.
f) the policy says to refuse any mail not coming from a listed server, so Yahoo correctly / immediately bounces the mail.
g) the bounce eventually ends up on the list server being flagged as "could not deliver to paka@".
====== Seems like when the email is resent from suse, suse should add it's own SPF -- but enforcing the SPF rules against forwarding servers (whether internal to an email list or internal to a receiving ISP) seems wrong -- like SPF was never intended to be compared against 'in-transit' hosts -- only the source of the original message, no? Certainly with SPF, it should only be enforced against the original sender. BTW, where does DKIM fit into all this? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org