Your IP Address:
Located Near:

SRS - Sender Rewriting Scheme


Draft Standard: Draft Mengwong SPF 01

What is SRS?


Sender Permitted From "SPF" is a mechanism for preventing sender forgery in SMTP transactions, thus allowing domain owners control over who may send mail from their domain. The Sender Rewriting Scheme "SRS" is a mechanism for rewriting sender addresses when a mail is forwarded in such a way that mail forwarding continues to work in an SPF compliant world.

Can you explain that in English?


Sure! SRS addresses the issue where email forwarding breaks SPF checks by the receiving email server. When an email is forwarded, the originating mail server's "SPF Records" don't allow any email to come from the fowarding mail server. With SRS implemented it rewrites envelope sender "mail from", so the email appears to come from the "forwarding mail server", so it will pass the SPF check by the receiving server.

Here's an Example:


Forwarded Email without SRS - SPF Fails
Return-path: <OriginalSender@OrigDomain.com>
Envelope-to: OriginalSender@OrigDomain.com
Received: from FowardingDomain.com ([168.144.32.45]:63570 helo=mail.FowardingDomain.com)
          by OrigDomain.com with esmtp (Exim 4.77)
          (envelope-from <OriginalSender@OrigDomain.com>)
          for OriginalSender@OrigDomain.com;
Received: from OrigDomain.com (OrigDomain.com [206.214.223.126])
          by mail.FowardingDomain.com with SMTP;
Received: from localhost.localdomain ([127.0.0.1]:44441 helo=webmail.OrigDomain.com)
          by OrigDomain.com with esmtpa (Exim 4.77)
          (envelope-from <OriginalSender@OrigDomain.com>)
          for testforward@FowardingDomain.com;
Subject: Test Forwarding Without SRS
From: "Original Sender" <OriginalSender@OrigDomain.com>
To: testforward@FowardingDomain.com

Spam Engine Results for email without SRS:
0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
The email above is sent from the OrigDomain to the ForwardingDomain. The ForwardingDomain forwards the email back to the OrigDomain and, as you can see in the spam results, it fails the SPF Check. If the SPF record was set to Hard Fail the email would have been discarded. Since it's set to Soft Fail it's assigned a +0.8 Spam modifier to the overall spam score.

Forwarded Email with SRS - SPF Passes
Return-path: <SRS0=R7EK=HP=OrigDomain.com=testforward@FowardingDomain.com>
Envelope-to: OriginalSender@OrigDomain.com
Received: from FowardingDomain.com ([168.144.32.45]:61161 helo=mail.FowardingDomain.com)
          by OrigDomain.com with esmtp (Exim 4.77)
          (envelope-from <SRS0=R7EK=HP=OrigDomain.com=testforward@FowardingDomain.com>)
          for OriginalSender@OrigDomain.com;
Received: from OrigDomain.com (OrigDomain.com [206.214.223.126])
          by mail.FowardingDomain.com with SMTP;
Received: from localhost.localdomain ([127.0.0.1]:55326 helo=webmail.OrigDomain.com)
          by OrigDomain.com with esmtpa (Exim 4.77)
          (envelope-from <OriginalSender@OrigDomain.com>)
          for testforward@FowardingDomain.com;
Subject: Test Forwarding With SRS
From: "Original Sender" <OriginalSender@OrigDomain.com>
To: testforward@FowardingDomain.com

Spam Engine Results for email with SRS:
-0.0 SPF_PASS SPF: sender matches SPF record
The same email was sent but with SRS activated. Take notice of the green line above where it rewrites the “return-path” also known as the "Mail-From on forward. SRS adds SRS0 (which gets incremented on additional forwards), a hash (R7EK) and a timestamp (HP) which causes addresses to expire. All of the forwarding is kept track of in the green section and will unwind itself if it bounces at it's final destination, resulting in the original sender receiving a bounce message. Using this method the SPF passes because it's checked against the forwarding domain's SPF records not the Original Sender's SPF records.

Wow, I never knew this! How do I get this set up for my email?


Depending on your email system you can check to see if there is an SRS module you can add into it. Some email systems have it built in and all you need to do is enable it. Based on the examples shown above you can see how valuable this is and how it will increase the chances of your email landing in the inbox.

Source: Unlock The Inbox
Sponsored Links

Copyright © 2014 Unlock The Inbox