|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
7 May 2019, 06:42 AM | #1 |
Junior Member
Join Date: Jan 2015
Posts: 11
|
SRS for forwarded aliases
The help pages for aliases recommend not enabling SRS (sender rewriting scheme) when configuring an alias to forward to an external mail system (gmail in my case).
Can anyone explain why this is the recommendation? |
10 May 2019, 01:36 PM | #2 | |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
|
The help page says:
Quote:
However, the DMARC standard makes use of both DKIM and SPF, and it additionally requires alignment between the envelope From and From header. SRS will cause this alignment to fail. See more at: https://fastmail.blog/2016/12/24/spf-dkim-dmarc/ At this time (with the current popular security standards) it's not possible to guarantee that forwarding works in all cases. This has nothing to do with Fastmail, but is due to the attempts to reduce spam by preventing spoofing of the From address. Bill |
|
22 May 2019, 09:01 AM | #3 |
Essential Contributor
Join Date: Jan 2017
Posts: 278
|
Setting up SRS may prevent an email being rejected for failing SPF, it shouldn't make any difference to whether it passes DMARC.
"We don't recommend enabling SRS unless you need to" without any explanation seems very enigmatic to me. The reason for not having it would have to be a pretty good one IMO because a third-party downstream service could change its policy at any time. |
22 May 2019, 11:53 AM | #4 | |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,084
|
Quote:
Personally, though, like you I tend to think using SRS may be the lesser risk. |
|
21 Apr 2020, 01:46 AM | #5 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,683
|
Old thread revival. If I am not mistaken, Fastmail's other service, Pobox.com, does utilize SRS as part of their email forwarding products. Not sure why a service like Pobox.com seems to be able to do forwarding successfully and make a profit on it while many people seem to think all forwarding is a bad idea. Why do Fastmail and Pobox.com, parts of the same company, have different opinions on SRS? In the past when I used Pobox.com I had absolutely no issues with the forwarding part of their service and when I sent email to others, via Gmail but using Pobox SMTP, my mail was getting through reliably.
|
21 Apr 2020, 04:29 AM | #6 |
Essential Contributor
Join Date: Jan 2017
Posts: 278
|
Fastmail does support SRS as an alias redirection setting, but AFAIK not from sieve/rules.
pobox is the best know portable address provider around. Possibly it gets more widespread special handling. |
21 Apr 2020, 09:15 AM | #7 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,683
|
Reading up a bit on SRS and forwarding, SPF, DKIM, DMARC, etc., it is a wonder any of our email ends up where it's supposed to!
|
21 Apr 2020, 09:35 AM | #8 | |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
|
Quote:
SRS can in some cases solve SPF forwarding, but only if the receiving server doesn't use strict SPF and DMARC alignment (which means that the SPF and DKIM signing domains, From header domain, and From envelope domain all match). Bill |
|
21 Apr 2020, 09:42 AM | #9 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,683
|
Quote:
Last edited by TenFour : 21 Apr 2020 at 09:48 AM. |
|
21 Apr 2020, 10:02 AM | #10 | |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
|
Quote:
Code:
Authentication-Results: spf=pass (sender IP is 13.111.33.30) smtp.mailfrom=bounce.email.ancestry.com; live.com; dkim=pass (signature was verified) header.d=email.ancestry.com;live.com; dmarc=pass action=none header.from=email.ancestry.com;compauth=pass reason=100 Code:
Authentication-Results: spf=pass (sender IP is 136.147.186.7) smtp.mailfrom=bounce.email2.microsoft.com; outlook.com; dkim=fail (no key for signature) header.d=email2.microsoft.com;outlook.com; dmarc=pass action=none header.from=email2.microsoft.com;compauth=pass reason=100 |
|
21 Apr 2020, 10:14 PM | #11 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,683
|
Quote:
Authentication-Results: spf=pass (sender IP is 142.0.167.118) smtp.mailfrom=notice.comcastbusiness.com; XXXXXX.org; dkim=pass (signature was verified) header.d=notice.comcastbusiness.com;XXXXXX.org; dmarc=pass action=none header.from=notice.comcastbusiness.com;compauth=pass reason=100 |
|
22 Apr 2020, 01:40 AM | #12 | |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
|
Quote:
Bill |
|
22 Apr 2020, 01:48 AM | #13 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,683
|
Quote:
|
|
26 Apr 2020, 08:21 AM | #14 | |
Essential Contributor
Join Date: Jan 2017
Posts: 278
|
Quote:
The receiving server may reject based on SPF either without using DMARC or before using DMARC. The latter is not as bad as it sounds because most ham without an author aligned SPF pass will still have an SPF pass. Even if there is no SPF rejection an SPF fail may be taken account of in other spam filtering. |
|
Thread Tools | |
|
|