Closed dechamps closed 1 year ago
Yes, in fact @niftylettuce says adding that record is only for SMTP support.
I suppose that’s why there isn’t an SPF check when setting up your domains (only MX and TXT).
Yes, this is for future SMTP support we are working on.
Currently the setup guide recommends adding the following SPF record:
This raised my eyebrows. I don't see the point of this particular SPF configuration.
The configuration basically reads "only
forwardemail.net
is authorized to use a@example.com
envelope from address". That seems irrelevant here. forwardemail.net is used to forward email toexample.com
, not from it.In and of itself this spurious SPF record is mostly harmless (I guess it could possibly be used to exploit forwardemail.net as a confused deputy to spoof messages, but I can't think of a practical attack vector). But it's confusing to users and makes it harder for beginners to understand how SPF works (because the configuration example makes no sense). It could also potentially result in users breaking their outgoing email setup if they blindly follow the instructions without understanding them.
I would suggesting changing the instructions to: