EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 7 May 2019, 05:42 AM   #1
sebwills
Junior Member
 
Join Date: Jan 2015
Posts: 10
SRS for forwarded aliases

The help pages for aliases recommend not enabling SRS (sender rewriting scheme) when configuring an alias to forward to an external mail system (gmail in my case).

Can anyone explain why this is the recommendation?
sebwills is offline   Reply With Quote

Old 10 May 2019, 12:36 PM   #2
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,476
The help page says:
Quote:
We don't recommend enabling SRS unless you need to (i.e. emails aren't being forwarded correctly).
The example given is where it is needed - forwarding to Gmail if SPF is the only reason a message is rejected.

However, the DMARC standard makes use of both DKIM and SPF, and it additionally requires alignment between the envelope From and From header. SRS will cause this alignment to fail.

See more at:
https://fastmail.blog/2016/12/24/spf-dkim-dmarc/

At this time (with the current popular security standards) it's not possible to guarantee that forwarding works in all cases. This has nothing to do with Fastmail, but is due to the attempts to reduce spam by preventing spoofing of the From address.

Bill
n5bb is offline   Reply With Quote
Old 22 May 2019, 08:01 AM   #3
SideshowBob
Member
 
Join Date: Jan 2017
Posts: 41
Setting up SRS may prevent an email being rejected for failing SPF, it shouldn't make any difference to whether it passes DMARC.

"We don't recommend enabling SRS unless you need to" without any explanation seems very enigmatic to me. The reason for not having it would have to be a pretty good one IMO because a third-party downstream service could change its policy at any time.
SideshowBob is offline   Reply With Quote
Old 22 May 2019, 10:53 AM   #4
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 2,756
Quote:
Originally Posted by SideshowBob View Post
Setting up SRS may prevent an email being rejected for failing SPF, it shouldn't make any difference to whether it passes DMARC.

"We don't recommend enabling SRS unless you need to" without any explanation seems very enigmatic to me. The reason for not having it would have to be a pretty good one IMO because a third-party downstream service could change its policy at any time.
FastMail probably dislikes the use of SRS on principle, in that it is spoofing the return address. There is always a chance that the receiving server will detect the "spoofing" and misinterpret the intention. Most SPF implementations have whitelists of mail services that do legitimate spoofing (such as forwarders like Pobox.com) but there could be trouble if you are not on that list.

Personally, though, like you I tend to think using SRS may be the lesser risk.
BritTim is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 09:00 PM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy