form mails and sender verification

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

form mails and sender verification

Zbigniew Szalbot-9
Hello,

I am looking for an advice how to configure form mails on web pages so
that I avoid something like this:

Jun 20 07:31:28 relay postfix/smtp[12391]: E982BB8026:
to=<[hidden email]>, relay=mx1.hotmail.com[65.54.245.8]:25,
delay=1.6, delays=0.11/0/0.78/0.69, dsn=2.0.0, status=sent (250 mail
from IP 62.121.130.110 soft failed sender ID check. Please ensure this
IP is authorized to send mail on behalf of [hotmail.fr])
Jun 20 07:31:28 relay postfix/qmgr[34924]: E982BB8026: removed

There's a form which people can use to send an e-card to someone else.
So our relay server may be used to relay an email from any domain to any
domain. However, we have configured SPF records and are using DKIMs.

Do I understand correctly that for such setup to work, the envelope-from
field should have a valid email at our domain?

Many thanks in advance! And last but not least - many thanks for postfix!

Zbigniew Szalbot
www.lc-words.com

smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: form mails and sender verification

Scott Kitterman-4
On Friday 20 June 2008 02:06, Zbigniew Szalbot wrote:

> Hello,
>
> I am looking for an advice how to configure form mails on web pages so
> that I avoid something like this:
>
> Jun 20 07:31:28 relay postfix/smtp[12391]: E982BB8026:
> to=<[hidden email]>, relay=mx1.hotmail.com[65.54.245.8]:25,
> delay=1.6, delays=0.11/0/0.78/0.69, dsn=2.0.0, status=sent (250 mail
> from IP 62.121.130.110 soft failed sender ID check. Please ensure this
> IP is authorized to send mail on behalf of [hotmail.fr])
> Jun 20 07:31:28 relay postfix/qmgr[34924]: E982BB8026: removed
>
> There's a form which people can use to send an e-card to someone else.
> So our relay server may be used to relay an email from any domain to any
> domain. However, we have configured SPF records and are using DKIMs.
>
> Do I understand correctly that for such setup to work, the envelope-from
> field should have a valid email at our domain?
>
> Many thanks in advance! And last but not least - many thanks for postfix!

I think http://www.openspf.org/Best_Practices/Webgenerated explains it.

If not, following up on the spf-help list (see http://www.openspf.org/Forums)
is probably best.

Scott K
Reply | Threaded
Open this post in threaded view
|

Re: form mails and sender verification

mouss-2
In reply to this post by Zbigniew Szalbot-9
Zbigniew Szalbot wrote:

> Hello,
>
> I am looking for an advice how to configure form mails on web pages so
> that I avoid something like this:
>
> Jun 20 07:31:28 relay postfix/smtp[12391]: E982BB8026:
> to=<[hidden email]>, relay=mx1.hotmail.com[65.54.245.8]:25,
> delay=1.6, delays=0.11/0/0.78/0.69, dsn=2.0.0, status=sent (250 mail
> from IP 62.121.130.110 soft failed sender ID check. Please ensure this
> IP is authorized to send mail on behalf of [hotmail.fr])
> Jun 20 07:31:28 relay postfix/qmgr[34924]: E982BB8026: removed
>
> There's a form which people can use to send an e-card to someone else.
> So our relay server may be used to relay an email from any domain to
> any domain. However, we have configured SPF records and are using DKIMs.

SPF and DKIM apply to domains you manage. you cannot set the SPF record
for hotmail!
>
> Do I understand correctly that for such setup to work, the
> envelope-from field should have a valid email at our domain?

Use your own addresses in both the envelope sender and the From: header.
Otherwise, your mail may be rejected/discarded/tagged as spam. Even
LinkedIn stopped "forging" the From: header.

you can set the display name of the From: header to the name of the user
who sends the ecard. something like:
    From: John Doe <[hidden email]>

The address part should be valid so that people can contact you
(complaints, ... etc).

consider using VERP style addresses in the envelope sender to identify
users when you get bounces.

yes, the business of sending invitations/ecards/links/.... is harder
than it was.