Anyone using SPF/SRS/SenderID ?

[Andrew Daviel <advax () TRIUMF CA>]

Following the hype a few years back, I created an SPF record for us.
But because of the problems with road warriors and mail forwarding, it's
still set to "neutral".

I've had SRS on my to-do list for a while, and was just looking at a
project which integrates SRS into sendmail.

Is anyone actually using this, or is it a technology of interest only to
bulk mailers ?  (I understand that many universities are also bulk
mailers, but I guess they may outsource this)


If I understand this stuff correctly, our SPF record says "mail from
example.com may or may not come from 192.168/16", because
1) some users are on sabbatical at example.ac.uk, and mail out via 172.16/12
   as joe () example com
2) users from example.ac.uk on sabbatical here may forward mail
   from bert () example com to bert () example ac uk, which will see it coming
   from 192.168/16 instead of the original domain
3) users from Britain on sabbatical in Japan have mail for
   ann () example ac uk forwarded to ann () example ac jp.
   If fred () example com mails ann () example ac uk, example.ac.jp will
   see it coming from 172.16/12 not 192.168/16

#1 we can fix through education. Many people now use webmail which
sidesteps the issue
#2 we can fix with SRS which rewrites the return path
#3 we have no control over. If we set our SPF record to "fail" then we
need example.ac.uk to implement SRS otherwise example.ac.jp could reject
mail from fred () example com as spam


https://www.microsoft.com/presspass/press/2007/apr07/04-18SenderIDPR.mspx
"Sender ID Framework Reaches Tipping Point"
http://www.openspf.org/SRS
http://www.openspf.org/

(I see that senderID and SPF are different but confused to the point of
senderID potentially borking some SPF users :-(   )
senderID I think requires forwarders to add a "Sender" or "Resent-From"
header, but I haven't fully checked.


--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
Network Security Manager