Bounced emails from Mail Boxes accounts

Need help? Ask here.

Moderator: Moderators

RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Here's the RFC:

http://www.ietf.org/rfc/rfc4408.txt

Please do not post false messages claiming we are breaking an RFC without quoting us the relevant RFC passage.

In order to provide the highest quality of service, we must maintain strict separation of all incoming, outgoing, and customer mail paths. Your suggestion of adding mail/mail2 to the SPF records for rollermail.us exposes us to forgery attacks. Many spammers assume that the MX records for a domain are the servers that send mail for that domain; this is false in large-scale deployments. Someone can joe-job a rollermail.* domain, insert false headers claiming that it came from mail/mail2. When we get a complaint we can point them to the SPF record and tell them "look, they were forged, those servers don't send mail. You should have checked the SPF." The servers mail/mail2 are delivery agents for customers, not border MTAs that send to foreign systems.

We are sorry you feel it is wrong to prevent forgery attacks, but we believe it is in the best interest of our customers who do want to use our vanity domain names for hosted mail to be protected against joe-jobs and other forgeries.
Technical Support support@rollernet.us
Roller Network LLC
Locked