Gmail, SPF, and Broken Email Forwarding?

alek writes "I recently stopped getting Email from a friend ... which turns out to be related to his use of SPF records and my forwarding to gmail. This 'lost Email problem' may get worse with Google implementing Domain Keys." Alek is looking for a non-complicated solution to this non-trivial problem; read on below for more details. "Background: Like many people, I have me@mydomain.com as my public facing Email address. When Email comes into my server, I forward it to me@gmail.com. But since my friend has published SPF (Sender Policy Framework) records that say only his server is allowed to send Emails for friend@frienddomain.com, gmail apparently rejects (silently buries actually!) the Email since it is forwarding through my server. Please note that this is exactly what SPF is designed to prevent — spammers from sending Emails with your address — but it breaks forwarding and has other problems.

What's *really* strange is that if I look at the raw sendmail logs on my server, the Email from friend@frienddomain.com comes in, and is forwarded to gmail ... with an "OK" as the response — i.e. the gmail MTA doesn't reject the message as it ideally should. However, the Email then disappears — it's not even in my gmail spam filter ... so there is no trace of it at all. If my friend sends directly to me@gmail.com, it shows up ... since his domain sends directly and the SPF test is passed. Note that on my gmail account, I associate me@mydomain.com with my me@gmail.com account ... so perhaps there should be a recipient test applied before SPF is tested on the sender ... although this arguably defeats the purpose of SPF.

The logical solution is to configure sendmail on my server to do Sender Rewriting — anyone have an easy FAQ to do this? But many people/domains aren't doing this ... and my Email forwarding to gmail is quite common, so I'm surprised that this issue hasn't gotten more attention. Is there another solution?"

Sunblock

[MyLongNickName]

I prefer SPF 60. It allows me to keep the pasty white, computer nerd complexion that drives the women wild.

Re:Sunblock

I prefer SPF 60. It allows me to keep the pasty white, computer nerd complexion that drives the women away.

There, fixed that for ya.

Re:Sunblock

[Spy+der+Mann]

I prefer SPF 60. It allows me to keep the pasty white, computer nerd complexion that drives the women away.

There, fixed that for ya.

. o <-- joke
.
. </sarcasm> tag
. o <-- you
./|\
./ \

Re:Sunblock

[dlaudel]

What's a "sun"?

Re:Sunblock

company that makes servers.

Re:Sunblock

[onkelonkel]

Beware! The elders sometimes speak in hushed tones of "The Daystar". Its evil blinding rays will singe you to the finest ash and "The Wind" (like moving air from a cooling fan, but hideously amplified) will blow the ash away as if it had never existed.

Re:Please adhere to RFC

Did you score a 200 on your SAT? Did you even take the SAT? Since your reading comprehension skills are apparently on par with first graders and congressmen, allow me to clarify.

1) The story submitter used 'mydomain.com' as an example domain in his original post.

2) The OP of this thread said 'Don't do that', use 'example.com' instead of 'mydomain.com'.

3) You pointed out (1)

4) You are being rightfully flamed for being such an ignoramus.

Re:Please adhere to RFC

swoosh
~~~~~~~~~~~~~~~~point~~~~>

  0
=|=
  / \
you

Re:Easy -- sign up for Google Apps for your Domain

[The+End+Of+Days]

OMG you didn't use example.com as your domain. You're risking the nerdwrath of that dude above.

Re:silently dropping is not unexpected

[Klaus_1250]

Hotmail has been doing the same for years... And it is bad bad bad. There is a reason for those RFC's you know. I've had several complaints from people that I was loosing their mail. Checked the server logs and the mails were sent to Hotmail and it replied with a nice message received and accepted. Yet it dropped them afterwards even though it was 100% Ham. Fantastic. I get complaint about their mistakes, it takes me time and effort, and best of all, you can't contact them about it.

Re:Please adhere to RFC

[xtracto]

wow, you posted AC and then posted again. Cool.

Haha, incredible.

  MyLongNickName, I present you Select/Copy/Paste. You can do that with almost all the new Operating Systems :)

You are welcome.

Sorry, Swoosh belongs to Nike.

[johnny+cashed]

I think you're looking for whoosh.

Re:Sorry, Swoosh belongs to Nike.

[_ivy_ivy_]

RFC 9835 specifically calls for a "whoosh." The use of "swoosh" has been depreciated.

Re:Sorry, Swoosh belongs to Nike.

[Sciros]

deprecated

Re:Sorry, Swoosh belongs to Nike.

[neltana]

Actually, RFC 0444 has been reserved by the IETF for use as an example RFC number. Your joke should have used that.

Come on, people!

Re:Simple answer: stop forwarding

[lpangelrob]

Actually, Charlie tells them what they've won. Vanna plays the part of "Jerry Springer's insightful monologue" at the end, except less controversial, less insightful, and it's actually a dialogue with Pat.

Re:I knew ..

there was a reason I did not want a gmail account

Couldn't find any friends to give you an invite, eh?

Cheer up... you don't need them any more.

You insensitive clod!

[Zombie]

Any idea how much spam I've been getting since you posted that?!

Regards,
Joe Example

Re:Please adhere to RFC

[hansonc]

I present you Select/Copy/Paste. You can do that with almost all the new Operating Systems

not on my iPhone you insensitive clod.

Re:Please adhere to RFC

I once worked with a programmer who made the same mistake, only he chose a much worse non-existent domain. See, he was Russian, spoke very little English and didn't realize that there was an organization that was probably using the domain kkk.com and that kkk@kkk.com was probably a valid email address.

Needless to say, our mail server administrator was none-too-pleased to learn that we had just sent out thousands of copies of our newsletter to the Klan.

Re:Please adhere to RFC

[ultrafunkula]

You could just use frienddomain.example.com and mydomain.example.com though.