-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2013-05-07 at 21:38 +0200, Per Jessen wrote:
Well, SPF is at least in the mix. The problem is that a mail is sent from bugzilla, from an IP-address listed in the SPF record for "novell.com". That's all very good right up until the mail goes to a "computer.org" or "opensuse.org" alias (for instance) and is _forwarded_ to the actual recipient address. Forwarding breaks SPF and a forwarding mail-server would need to use SRS to fix it.
I did a test. As my ISP refuses to send my email with my opensuse.org alias (since ever, even using authentication), I use gmail for the task. I tried it just now, sending from one gmail account to my telefonica account, but using the opensuse.org from address. It worked - but the reason is this: +++··························· Return-Path: <robin.....@gmail.com> Received: from IMPmx6.adm.correo (10.20.102.113) by tems9.backend.correo (8.5.137.03) id 51102A7C01857381 for robin....@telefonica.net; Fri, 10 May 2013 18:17:42 +0200 Sender: robin.....@gmail.com From: "Carlos E. R." <carlos...@opensuse.org> ···························++- So, as far as telefonica SPF test is concerned, the email is sent from "robin.....@gmail.com" via a gmail server, so it is ok. But I can not really send email with the opensuse.org alias, the non aliased name is prominent in the headers. +++··························· cer@Telcontar:~> host -t txt gmail.com gmail.com descriptive text "v=spf1 redirect=_spf.google.com" cer@Telcontar:~> host -t txt _spf.google.com _spf.google.com descriptive text "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ?all" cer@Telcontar:~> ···························++- I was googling on this, and found a link: http://seocompanyphoenix.com/112-google-spf-hardfails/ What they do is this: v=spf1 ip4:.... include:_spf.google.com ~all This is also commented here: http://productforums.google.com/forum/#!topic/apps/y3-p-BwWWcc That is, they include google as an authorized sender on their domain (not google domain). It is as if opensuse.org would add gmail.com as authorized sender in the opensuse.org dns records - hardly feasible, as each member uses different sending method, I guess. - -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAlGNJIAACgkQtTMYHG2NR9XGhgCghEg70PNHK/8R4i6uqo2KmzU2 MToAnijZ4o1vs89phY3YqjXn0R35MenS =d6MB -----END PGP SIGNATURE-----