开云体育

Jim,

Another cae would be my own. My outbound email is sent via my ISP (domain

=
talktalk.net) but I receive message (and show as the "from" address when
I
send) my own domain at jimella.co.uk, which is hosted separately. I have
no
problems of that sort with either groups.io or Yahoo.

I got the details wrong. It isn't that the envelope-from matched the
delivering service, it is that the domain of the envelope-from is listed in the
DNS system as a mail service, but doesn't exclude the delivering IP address in
its SPF record.

talktalk.net is using your email address, including your custom domain, in
the MAIL FROM during the SMTP connection (the "envelope-from"), your domain has
a DNS entry, that specifies talktalk servers for delivery of mail, but has no
published SPF record. Ideally it would, and that would list talktalk's servers
as valid senders.

Another thing talktalk isn't doing for you is DKIM signing your outbound
messages. But you would have to give them an identity certificate for them
to do so. Fortunately those are now available for free from Let's Encrypt
<>, but not all email services support using them.

I got a bit deeper educated on this this than I expected as a result of
discussing Gilly's case with Mark. He's working on better authentication so as
to head off such things, but is a bit stymied by the (large enough) fraction of
legit users who's messages wouldn't pass a more stringent test. I'm not exactly
sure which side of that yours would fall, but I think ok. Certainly ok if yours
were DKIM-signed by your domain (and your DNS records pointed to your
certificate). Or, if your domain had an SPF record that lists or refers to
talktalk's outbound servers. I think either would be good enough to pass, for
example, a DMARC test.

Shal