Yesterday’s Thoughts

June 16, 2005

Sender Policy Framework – Part II

I got around to implementing Sender Policy Framework (SPF) on my own incoming mail. I was inspired by 1) not having seen any bounced spam with my return address since I added an SPF record and 2) not being sure that I had done it correctly and so worrying that the mail I was now able to send was being blocked.

Adding SPF to sendmail was not that hard. You have to build sendmail with MILTER defined which you do in the devtools/Site/site.config.m4 file. I made a mistake the first time through and defined it in site.config.mc, a la the sendmail runtime configuration files, which caused me quite a bit of head scratching, and then, for some reason, the sendmail build didn’t automatically install the libmiter.a library, which caused me quite a bit more. I think that the second problem is a consequence of the first. I should have done a clean build after I discovered the definition problem, but I didn’t.

The disappointing result is that SPF cannot really help me. As I mentioned before, Earthlink blocks port 25 of my server, so all of my mail is relayed through DynDNS to a different port. As a result, all of my mail appears to comes from DynDNS, not from the original server, and none of it can be authenticated. This is a result that I contemplated, but did not fully embrace. (Hmmm, Ways of Knowing? Ways of not thinking through what you are doing? Ways of learning by doing?)

There is a nice figure of why this is at pobox. My situation is on the lower left pathway there. The blue one labeled “Apparent Forgery.” At least it only the “bad” apparent forgery, not the “ugly” apparent forgery.

I need to rely on DynDNS to authenticate my mail for me, or get Earthlink to open up port 25 for me. By sending myself a message to my gmail account, I did manage to see that I do have SPF set up correctly for warmroom.com.

Sorry, comments for this entry are closed at this time.