Handling of SPF Fail in cPanel
Our smallish professional society maintains a commercially hosted website, of which I am webmaster. As part of the society"s service to its members we provide professional email addresses of the form membername@oursoc.org[/EMAIL]. Emails thus addressed are forwarded to whatever address the member nominates, with the forwarder set up in cPanel. So far so good.
Our society also uses addresses of the form society_officer@oursoc.org[/EMAIL], which are forwarded to the relevant position holders in the same way. Depending on the position these may be forwarded to more than one individual. Again, so far so good.
The society employs the services of a professional secretariat, which members reach via the publically advertised address oursoc@oursoc.org[/EMAIL], which cPanel then forwards to oursoc@secretariat.com[/EMAIL] . This is where the problem starts. Mail originating from one organisation to which some of our members belong is being rejected by our secretariat"s system with a report "SPF error". This is a serious problem for us.
An apparently relevant Wikipedia article at Sender Policy Framework - Wikipedia, the free encyclopedia says, inter alia (I"ve modified the layout but not the wording):
FAIL and forwarding
SPF breaks plain message forwarding. When a domain publishes an SPF FAIL policy, legitimate messages sent to receivers forwarding their mail to third parties may be rejected and/or bounced if all of the following occur:
1. The forwarder does not rewrite the Return-Path, unlike mailing lists.
2. The next hop does not whitelist the forwarder.
3. This hop checks SPF.
This is a necessary and obvious feature of SPF " checks behind the "border" MTA (MX) of the receiver cannot work directly.
Publishers of SPF FAIL policies must accept the risk that their legitimate emails are being rejected or bounced. They should test (e.g., with a SOFTFAIL policy) until they are satisfied with the results. See below for a list of alternatives to plain message forwarding.
Conditions 2 and 3 are met so I"m assuming that condition 1 is met also. Is there any way I can modify anything so that a Return Path is written? Or is this likely to be insufficient? The secretariat is unwilling to whitelist the organisation involved, fearing that such a move would open the door to spam. I inherited this website and the associated problems. The site"s original designer is no longer available. I know a little about cPanel, but clearly I don"t know enough. Any help will be appreciated.
Conditions 2 and 3 are met so I"m assuming that condition 1 is met also. Is there any way I can modify anything so that a Return Path is written? Or is this likely to be insufficient? The secretariat is unwilling to whitelist the organisation involved, fearing that such a move would open the door to spam. I inherited this website and the associated problems. The site"s original designer is no longer available. I know a little about cPanel, but clearly I don"t know enough. Any help will be appreciated.
-
Hello :) cPanel version 54 introduces Sender Rewriting Scheme (SRS) functionality to Exim. This will address issues with email forwarding in Sender Policy Framework (SPF). Version 54 is not yet released to production build tiers, but feel free to communicate with your web hosting provider once this version is available for production servers to see if they plan on enabling SRS functionality. Thank you. 0
Please sign in to leave a comment.
Comments
1 comment