Hey! You can find the more modern, updated version of this question and answer here. Whoops @ the newsletter automation choosing this old article for inclusion in a 2022 newsletter.
Hi,
As I am really not in favour of this broken SPF "standard" (DKIM is much preferred), I want to propose another option for someone plagued by bounces for messages that he never sent:
Add a cryptographic "x-Bounce-key" or similar header to all email you sent.
If a bounce comes in, check the header key in the SMTP stage, and if it is missing or invalid, refuse the email with a clear error message such as "550 Invalid Bounce Key: You either stripped the original message headers or this email NEVER originated from here. BOUNCE REJECTED. Read: http://xxx.xxx.xxx".
That prevents 100% of all bounces for forged messages, plus it has the benefit of filtering some spam as well. And as for making email forgeries transparent, DKIM will do that without the headaches of SPF/SRS.
Cheers,
James
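A sketch of the bounce-key scheme James describes, added here as an example and not code from the commenter or the blog: the outgoing mail gets an HMAC-tagged `X-Bounce-Key` header bound to the envelope sender and a timestamp, and an inbound bounce is accepted at SMTP time only if the header in the attached original verifies. The header name, the secret, the one-week validity window and the `smtp_reply_for_bounce` helper are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a per-mail-server secret; this is a constructed placeholder.
SECRET = b"constructed-example-secret-change-me"
MAX_AGE = 7 * 86400  # bounces for mail older than a week are treated as stale


def make_bounce_key(sender, secret=SECRET, now=None):
    """Value for the outgoing X-Bounce-Key header.

    The HMAC binds the envelope sender, a timestamp and a nonce, so a forger
    who never saw our secret cannot mint a key that verifies for our address."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(4)
    tag = hmac.new(secret, f"{sender}|{ts}|{nonce}".encode(), hashlib.sha256).hexdigest()[:32]
    return f"{ts}.{nonce}.{tag}"


def verify_bounce_key(value, sender, secret=SECRET, now=None, max_age=MAX_AGE):
    """True only if value was produced by make_bounce_key for this sender within max_age."""
    try:
        ts_s, nonce, tag = value.strip().split(".")
        ts = int(ts_s)
    except (AttributeError, ValueError):
        return False  # malformed or missing header value
    expected = hmac.new(secret, f"{sender}|{ts}|{nonce}".encode(), hashlib.sha256).hexdigest()[:32]
    if not hmac.compare_digest(expected, tag):
        return False  # tag does not match: forged, or for a different sender
    current = time.time() if now is None else now
    return 0 <= current - ts <= max_age  # reject stale or future-dated keys


def smtp_reply_for_bounce(original_headers, our_sender, now=None):
    """SMTP reply for an inbound bounce, given the headers of the attached original
    (parsed elsewhere into a dict). Header names are matched case-insensitively."""
    lowered = {k.lower(): v for k, v in original_headers.items()}
    key = lowered.get("x-bounce-key")
    if key is None or not verify_bounce_key(key, our_sender, now=now):
        return ("550 Invalid Bounce Key: You either stripped the original message headers "
                "or this email NEVER originated from here. BOUNCE REJECTED.")
    return "250 OK"
```

Note that a bounce whose original headers were stripped by the remote MTA is indistinguishable from a forgery under this check, which is the false-positive risk raised in the next comment.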
I'm not a fan of introducing something new. I believe this would produce false positives, based on the number of strange NDRs I've seen out there in the world.
I think it's insulting to call SPF broken. I think SPF works just fine. There are some things it does and some other things it doesn't do. Like with many things.