[opendmarc-users] SPF Whitelisting

A. Schulze sca at andreasschulze.de
Sun Feb 20 02:45:45 PST 2022



Am 19.02.22 um 22:34 schrieb A. Schulze:
> 
> 
> Am 19.02.22 um 20:00 schrieb Marek Greško:
>> I would need some advice on SPF whitelisting. The situation is that I use backup mx host which is out of my control and I cannot believe it is checking DKIM/DMARC by itself and I need to check it on the primary mx host. So I want to whitelist the backup mx's IP address to stop SPF failing when receiving messages through it to my primary mx host. But I do not want to use IgnoreHosts option since it will stop DKIM checking for messages received through the backup mx host.
>>
>> Currently I overcome the problem by using smf-spf milter before opendkim and opendmarc to include spf checking header and let the opendmarc believe the header. But I would like to find the solution without using the smf-spf milter.
> 
> Hello Marek,
> 
> I'm not aware skipping SPF checks only is possible with opendmarc.

Hi again,

For what reasons you think, disabling SPF-Validation helps to solve your problem?

SPF/DKIM/DMARC-validation I would implement at (/on?) a MX server. In case of a backup MX scenario, it should be done their.
It's much harder to enforce any kind of policy if a backup MX isn't under your control.

> 
> Andreas


More information about the opendmarc-users mailing list