spfdiscuss at alandoherty
Oct 28, 2010, 9:16 PM
Post #10 of 21
(4975 views)
Permalink
|
|
Re: Is my hosting company forwarding email properly?
[In reply to]
|
|
At 03:55 29/10/2010 Friday, David Marcus wrote:
>OK. I missed the fact that the mail server is identifying itself as virgo.dns-shield.com, not example.com. Thanks.
and till that name points to that ip it will be smelling of forgery
>Here is a sample email that I send from example.com using a PHP script. This is the only way I send email from the domain.
again not sent from ratingcentral
sent from <apache [at] virgo>
the php is miss written or the apache user dosn't have permission to set the from address in the message envelope
(the from address in the
From:
line is irrelevant and could be anything as far as mailservers and SPF is concerned its just text)
the mail function call in php is
mail($mail_to, $mail_subject, $mail_message, $mail_header, "-f $mail_email")
the -f something [at] somethingels
defines the envelope-sender or from address
(at least this is how its done if you have sendmail exim or any mta i have seen, and the mta is configured to trust the apache user)
>Return-Path: <apache [at] virgo>
>Received: from mr21.lnh.mail.rcn.net (EHLO mr21.lnh.mail.rcn.net) ([207.172.157.191])
> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
> with ESMTP id ATP93953;
> Thu, 28 Oct 2010 22:51:24 -0400 (EDT)
>Received: from mx02.lnh.mail.rcn.net (mx02.lnh.mail.rcn.net [207.172.157.52])
> by mr21.lnh.mail.rcn.net (MOS 4.1.9-GA)
> with ESMTP id BEX23076;
> Thu, 28 Oct 2010 22:51:24 -0400
>Received: from alum-mailsec-relay-12.mit.edu ([18.7.68.32])
> by mx02.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 22:51:24 -0400
>Received: from alum-mailsec-scanner-3.mit.edu (ALUM-MAILSEC-SCANNER-3.MIT.EDU [18.7.68.14])
> by alum-mailsec-relay-12.mit.edu (8.13.8/8.12.8) with ESMTP id o9T2pN8F031186
> for <davidmarcus [at] alum-mailsec>; Thu, 28 Oct 2010 22:51:23 -0400
>X-AuditID: 1207440e-b7cd2ae0000068eb-d9-4cca36ab8891
>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
> by alum-mailsec-scanner-3.mit.edu (Symantec Brightmail Gateway) with SMTP id BC.2D.26859.BA63ACC4; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 2CD3322C47C
> for <davidmarcus [at] alum>; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
>X-No-Auth: unauthenticated sender
>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
> by virgo.dns-shield.com (Postfix) with ESMTP id 18B6A22C47B
> for <davidmarcus [at] alum>; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
>Received: by virgo.dns-shield.com (Postfix, from userid 48)
> id 0DBFC22C47C; Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
>To: davidmarcus [at] alum
>Subject: Test
>X-PHP-Originating-Script: 10825:EmailStuff.php
>From: "Ratings Central" <support [at] example>
>MIME-Version: 1.0
>Content-Type: text/plain; charset=ISO-8859-1
>Message-Id: <20101029025123.0DBFC22C47C [at] virgo>
>Date: Thu, 28 Oct 2010 22:51:23 -0400 (EDT)
>X-Virus-Scanned: OK
>X-Brightmail-Tracker: AAAAARZ9Apc=
>X-Junkmail-Status: score=10/50, host=mr21.lnh.mail.rcn.net
>
>Hello
>
>David
>
>>At 02:53 29/10/2010 Friday, David Marcus wrote:
>>>I'll rephrase the question. I own example.com. The address "support [at] example" receives mail from lots of people. The mail server at example.com forwards the mail to an email address at alum.mit.edu, which then forwards it to an address at rcn.com. Is spf for example.com relevant for mail forwarded by example.com? I.e., might alum.mit.edu or rcn.com check the spf for example.com?
>>
>>the actual question your asking is
>>
>>Is spf for example.com relevant for mail sent 'from lots of people'
>>the answer is no
>>
>>the reciever (person checking spf) has only 4 pieces of information
>>
>>the sender someone [at] example, the ip its coming from 69.72.218.66, the name that server 'claimed to be' virgo.dns-shield.com, the recipient address davidmarcus [at] alum
>>
>>so no it couldn't possibly have any idea that the mail has anything to do with the domain ratingcentral.com, how could it?
>>
>>
>>
>>
>>>David
>>>
>>>P.S. While MIT's spf records are interesting, my only connection with MIT is that I got my Ph.D. there, so I'll let the MIT IT folks worry about their email system.
>>>
>>>>At 01:36 29/10/2010 Friday, David Marcus wrote:
>>>>>I'm sorry, but I don't understand your answer.
>>>>
>>>>Im sorry I tried to be clear
>>>>
>>>>> In particular, I don't know who "your... as a receiver" refers to.
>>>>
>>>>you as the ultimate recipient of the mail
>>>>(or if you dont control the final receiving mail server, ie if your final receiving address is hosted elsewhere or rented from a 3rd party, they 'on your behalf', usually written as you)
>>>>
>>>>same as if i said 'you need to buy X' i don't actually mean you have to you can also send your wife/secretary or any other agent acting on your behalf
>>>>
>>>>>I moved my domain to a hosting company. I created the email address "support [at] example" (using the Plesk control panel) and set it to forward the emails to me. I read somewhere about spf. I checked the DNS records and see that my hosting company has set up an spf record for my domain. My question is, is the setup correct? If not, what needs to be changed? I don't know if the hosting company's mail servers check spf nor whether alum.mit.edu or rcn.com are checking spf. I could ask one or all three, if necessary, but first I'd like to know if things are correct, and if not, what is wrong.
>>>>
>>>>SPF is used by receivers to check the legitimacy of senders
>>>>
>>>>so your either interested in the use of it as a receiver to check mail from others
>>>>(your forwarding arrangements being relevant)
>>>>
>>>>or your interested in knowing about the spf setup of whatever address/servers you send from
>>>>(in which case you need to include details of what address you send from, and what servers/ip's you send via, and remove all mention of anything confusing like forwarders or incomming messages from the question)
>>>>
>>>>if you are not enquiring about how it pertains to your reception of email from others, then simply remove all reference to your forwarding and reception arrangements.
>>>>
>>>>and include instead how you send mail, then we (the readers) might be able to quess that you are talking about SPF in the context of how you send mail
>>>>
>>>>
>>>>in case you are talking about outgoing mail, as no details have been given the details available are only based on this mail you just sent so any analysis will be incomplete
>>>>
>>>>but looking at your headers
>>>>
>>>>(Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33]) by
>>>> b-lb-mx-sd.listbox.com (Postfix) with ESMTP id 7EF75281B for
>>>> <spf-help [at] listbox>; Thu, 28 Oct 2010 20:36:46 -0400 (EDT)
>>>>Received: from David-PC.alum.mit.edu)
>>>>
>>>>tells me your mail comes from a server that helo/ehlo's as
>>>>
>>>>outgoing-alum.mit.edu which currently has no SPF record
>>>>(it should have "v=spf1 ip4:18.7.68.33 -all" based on the assumption it has only one ip address)
>>>>
>>>>you send from davidmarcus [at] alum
>>>>
>>>>the domain has an spf record of
>>>>"v=spf1 ip4:18.7.7.0/24 ip4:18.7.21.0/24 ip4:18.72.0.0/16 ip4:18.92.0.171/32 ip4:18.7.68.0/24 ~all"
>>>>
>>>>this spf record does include the above mailserver (along with 66300 others???)
>>>>so i do suspect your sending domains spf policy might be larger than entirely necessary, but this mail did pass the SPF policy for your domain
>>>>
>>>>one obvious improvement would be to remove the text '/32' form the above as its redundant
>>>>
>>>>
>>>>
>>>>>David
>>>>>
>>>>>>ok first off the question is flawed
>>>>>>
>>>>>>if you have address's setup to forward inbound mail to you, it is your duty as a receiver to either
>>>>>>A NOT check any mail from your forwarder-provider for SPF
>>>>>>B better to check only the pre-forwarder ip against the senders spf record
>>>>>>
>>>>>>as obviously it will be from whoever the original sender was (and their SPF will not list your forwarder as that would be INSANE)
>>>>>>
>>>>>>you as the owner/subscriber/user of the forwarder have this duty alone, if your server lacks the facility to whitelist ips from spf checks then either dont use it or the forwarder
>>>>>>-------------------------
>>>>>>additional, some forwarders (not yours in example given) do get around this requirement by using SRS
>>>>>>SRS == sender rewriting system
>>>>>>
>>>>>>ie sender sends mail from sender [at] origina to forwarder
>>>>>>forwarder sends mail to you with altered from of sender+original [at] forwarders-domai
>>>>>>thus mail arriving always passes SPF as its using an envelope of xxx [at] forwarders-domai
>>>>>>
>>>>>>this is at best a hack to get round badly setup receiving software,
>>>>>>one that works well and should be offererd (optionally) by all forwarders,
>>>>>>but if used makes SPF checking any mail from the forwarder entirely pointless as it will always pass and you never see the original sender
>>>>>>
>>>>>>thus forcing you to effectively take option A and making option B impossible
>>>>>>----------------
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>At 00:51 29/10/2010 Friday, David Marcus wrote:
>>>>>>>My domain is example.com. I have support [at] example set to forward my messages to davidmarcus [at] alum (which in turn forwards to david.marcus.phd [at] rcn). DNS has
>>>>>>>
>>>>>>>example.com. 14400 IN TXT "v=spf1 +a +mx -all"
>>>>>>>
>>>>>>>I sent an email from davidmarcus [at] alum to support [at] example See below. Are the headers correct for spf?
>>>>>>>
>>>>>>>David
>>>>>>>
>>>>>>>Return-Path: <davidmarcus [at] alum>
>>>>>>>Received: from mr18.lnh.mail.rcn.net (EHLO mr18.lnh.mail.rcn.net) ([207.172.157.38])
>>>>>>> by ms12.lnh.mail.rcn.net (MOS 4.1.9-GA FastPath queued)
>>>>>>> with ESMTP id ATP22327;
>>>>>>> Thu, 28 Oct 2010 17:23:42 -0400 (EDT)
>>>>>>>Received: from mx09.lnh.mail.rcn.net (mx09.lnh.mail.rcn.net [207.172.157.59])
>>>>>>> by mr18.lnh.mail.rcn.net (MOS 4.1.9-GA)
>>>>>>> with ESMTP id BVQ54291;
>>>>>>> Thu, 28 Oct 2010 17:23:42 -0400
>>>>>>>Received: from alum-mailsec-relay-4.mit.edu ([18.7.68.24])
>>>>>>> by mx09.lnh.mail.rcn.net with ESMTP; 28 Oct 2010 17:23:41 -0400
>>>>>>>Received: from alum-mailsec-scanner-1.mit.edu (ALUM-MAILSEC-SCANNER-1.MIT.EDU [18.7.68.12])
>>>>>>> by alum-mailsec-relay-4.mit.edu (8.13.8/8.12.8) with ESMTP id o9SLLBlj024993
>>>>>>> for <davidmarcus [at] alum-mailsec>; Thu, 28 Oct 2010 17:23:40 -0400
>>>>>>>X-AuditID: 1207440c-b7be1ae000007e9d-da-4cc9e9dc9c57
>>>>>>>Received: from virgo.dns-shield.com (virgo.dns-shield.com [69.72.218.66])
>>>>>>> by alum-mailsec-scanner-1.mit.edu (Symantec Brightmail Gateway) with SMTP id 23.5D.32413.CD9E9CC4; Thu, 28 Oct 2010 17:23:40 -0400 (EDT)
>>>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id CDB3422C3E1
>>>>>>> for <davidmarcus [at] alum>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>X-No-Auth: unauthenticated sender
>>>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id B867222C3D8
>>>>>>> for <davidmarcus [at] alum>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>Received: by virgo.dns-shield.com (Postfix, from userid 110)
>>>>>>> id AD89322C3F9; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>X-Original-To: support [at] example
>>>>>>>Delivered-To: support [at] example
>>>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id 9785A22C3E1
>>>>>>> for <support [at] example>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>Received: from virgo.dns-shield.com (localhost.localdomain [127.0.0.1])
>>>>>>> by virgo.dns-shield.com (Postfix) with ESMTP id 7EE8822C3D8
>>>>>>> for <support [at] example>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33])
>>>>>>> by virgo.dns-shield.com (Postfix) with ESMTP
>>>>>>> for <support [at] example>; Thu, 28 Oct 2010 17:23:39 -0400 (EDT)
>>>>>>>Received: from David-PC.alum.mit.edu (209-6-42-72.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com [209.6.42.72])
>>>>>>> (authenticated bits=0)
>>>>>>> (User authenticated as davidmarcus [at] ALUM)
>>>>>>> outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id o9SLNcW0019029
>>>>>>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
>>>>>>> for <support [at] example>; Thu, 28 Oct 2010 17:23:39 -0400
>>>>>>>Message-Id: <201010282123.o9SLNcW0019029 [at] outgoing-alum>
>>>>>>>X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
>>>>>>>Date: Thu, 28 Oct 2010 17:23:38 -0400
>>>>>>>To: support [at] example
>>>>>>>From: David Marcus <davidmarcus [at] alum>
>>>>>>>Subject: Hi
>>>>>>>Mime-Version: 1.0
>>>>>>>Content-Type: text/plain; charset="us-ascii"; format=flowed
>>>>>>>X-Virus-Scanned: OK
>>>>>>>X-Virus-Scanned: OK
>>>>>>>X-Brightmail-Tracker: AAAAAhZ9ApcWfcXe
>>>>>>>
>>>>>>>Hi.
>>>>>>>
>>>>>>>David
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>-------------------------------------------
>>>>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>>>>
>>>>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028195130:48738E3A-E2EE-11DF-ABDC-D258EA0A6D4C
>>>>>>>Powered by Listbox: http://www.listbox.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>-------------------------------------------
>>>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>>>
>>>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>>>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028201521:9CF9C30E-E2F1-11DF-9791-B07A631276BD
>>>>>>Powered by Listbox: http://www.listbox.com
>>>>>
>>>>>
>>>>>
>>>>>-------------------------------------------
>>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>>
>>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028203650:9D2AD798-E2F4-11DF-B4F0-F7F511A2F01B
>>>>>Powered by Listbox: http://www.listbox.com
>>>>
>>>>
>>>>
>>>>-------------------------------------------
>>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>>
>>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028212854:E3ADA96E-E2FB-11DF-BA7B-0351631276BD
>>>>Powered by Listbox: http://www.listbox.com
>>>
>>>
>>>
>>>-------------------------------------------
>>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>>
>>>Archives: https://www.listbox.com/member/archive/1020/=now
>>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>>>Modify Your Subscription: https://www.listbox.com/member/?&
>>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028215400:649FA84E-E2FF-11DF-A5D8-8735A31AEBAB
>>>Powered by Listbox: http://www.listbox.com
>>
>>
>>
>>-------------------------------------------
>>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>>
>>Archives: https://www.listbox.com/member/archive/1020/=now
>>RSS Feed: https://www.listbox.com/member/archive/rss/1020/19999872-92c3676a
>>Modify Your Subscription: https://www.listbox.com/member/?&
>>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028224138:0C9760EA-E306-11DF-8CAF-AA3199303823
>>Powered by Listbox: http://www.listbox.com
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/15739084-a04d3caa
>Modify Your Subscription: https://www.listbox.com/member/?&
>Unsubscribe Now: https://www.listbox.com/unsubscribe/?&&post_id=20101028225536:FFDBC4E8-E307-11DF-8910-9ED175D2CD1C
>Powered by Listbox: http://www.listbox.com
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/1311530-08394398
Modify Your Subscription: https://www.listbox.com/member/?member_id=1311530&id_secret=1311530-644bccd5
Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=1311530&id_secret=1311530-512c0f9e&post_id=20101029001616:450305F8-E313-11DF-BAFE-F088ABE95EFE
Powered by Listbox: http://www.listbox.com
|
