On 05/11/12 13:41, theo borm wrote:
>

We operate a small, closed, moderated mailing list that recently stopped
working for a large part of its subscribers. The organization of which
these subscribers are a member maintains an SPF record which denies
access to all servers except a named few, which seems to be the cause of
these problems.

It sounds like their SPF implementation is broken.

As a work-around I set mlmmj to use a different from address in the
"From:" header. This solution is, however, plainly bad as it removes the
original sender from the headers. I have seen other lists use "Sender:"
header, but results are a mixed bag. With strict SPF checking of the
"From:" header in place these mails also don't pass.

SPF checking should be done on the enevelope FROM address, not the From: header contained inside the mail.

If you have published an v=spf1 policy to protect the use of your domain in the MAIL FROM and HELO addresses, Sender ID implementations that apply your policy to PRA (per RFC 4406) will reject your mail if you use your domain in the "From" (or generally PRA) header field while sending from (MAIL FROM) another system.
</quote>

organization has an v=spf1 policy in place. Mail is outsourced to microsoft, which uses sender ID.

It's the receiving server which has to implement spf/sender-ID, so delivery is erratic to say the least.

When mlmmj send out mails to the list subscribers the envelope from looks something like this:
listname+bounces-XXXX-recipient=example.com@listowner.tld

So the SPF checking is done against the domain that the list is running on.

The correct cause of action would be to get the organization with broken SPF checking to fix that.