• Contact Us
  • Pricing
  • Search
  • Register
  • Login
  • DNS Tools
    • MX Records
    • A Records
    • CNAME Record
    • PTR Record
    • SPF/TXT Records
    • NS Records
  • Domain Tools
    • ARIN Records
    • WHOIS Records
  • Blacklists
    • Blacklist Checker
    • Whitelist Checker
    • Email Blacklist Removal Tool
  • Email Tools
  • Port Scans
  • Other Tools
    • IP Tools
      • IP Address Converter
      • IP Address Locator
      • IP Range To CIDR
    • Chrome Extension - Email Deliverability Checker
  • Blog
    • First Time Sender
      • Email Certification
      • Email Throttling
      • IP Warming
    • Formatting Emails
      • For Browsers
      • For Devices
      • For Email Clients
    • How To Avoid
    • How To Set Up
    • Mail Tester Guide
      • Email Headers Explained
      • MX Records, PTR Records, and Reverse PTR Records AKA rDNS
      • RFC Syntax Checking
      • Email Port Checks
      • SPF Record and Alignment
      • DKIM Signatures and Alignment
      • DMARC Checker
      • Mail Tester Test Tool
    • Measuring Peformance
      • Bounces
      • Clickthrough Rates
      • Open Rates
    • Related Resources
    • Rules to Follow
      • Can Spam Act
      • Postmaster Guidelines
  • Member Services
    • Members Area
    • Blacklist Monitoring
    • Complete Monitoring Solution
    • Domain Name Monitoring
    • Feedback Loop Submissions
    • Full Port Scan Monitoring
    • Mail Tester Pro Tool
    • Mail Miner
    • Spam Detector Toolbox
    • Trusted Sender Site Seal

SRS - Sender Rewriting Scheme


Draft Standard: Draft Mengwong SPF 01

What is SRS?


Sender Permitted From "SPF" is a mechanism for preventing sender forgery in SMTP transactions, thus allowing domain owners control over who may send mail from their domain. The Sender Rewriting Scheme "SRS" is a mechanism for rewriting sender addresses when a mail is forwarded in such a way that mail forwarding continues to work in an SPF compliant world.

Sender Rewriting Scheme, Can you explain that in English?


Sure! SRS addresses the issue where email forwarding breaks SPF checks by the receiving email server. When an email is forwarded, the originating mail server's "SPF Records" don't allow any email to come from the fowarding mail server. With SRS implemented, it rewrites envelope sender "mail from"; the email appears to come from the "forwarding mail server," so it will pass the SPF check by the receiving server.

Here's an example of Sender Rewriting Scheme:


Forwarded Email without SRS - SPF Fails
Return-path: <OriginalSender@OrigDomain.com>
Envelope-to: OriginalSender@OrigDomain.com
Received: from FowardingDomain.com ([168.144.32.45]:63570 helo=mail.FowardingDomain.com)
          by OrigDomain.com with esmtp (Exim 4.77)
          (envelope-from <OriginalSender@OrigDomain.com>)
          for OriginalSender@OrigDomain.com;
Received: from OrigDomain.com (OrigDomain.com [206.214.223.126])
          by mail.FowardingDomain.com with SMTP;
Received: from localhost.localdomain ([127.0.0.1]:44441 helo=webmail.OrigDomain.com)
          by OrigDomain.com with esmtpa (Exim 4.77)
          (envelope-from <OriginalSender@OrigDomain.com>)
          for testforward@FowardingDomain.com;
Subject: Test Forwarding Without SRS
From: "Original Sender" <OriginalSender@OrigDomain.com>
To: testforward@FowardingDomain.com

Spam Engine Results for email without SRS:
0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
The email above is sent from the OrigDomain to the ForwardingDomain. The ForwardingDomain forwards the email back to the OrigDomain and, as you can see in the spam results, it fails the SPF Check. If the SPF record was set to Hard Fail the email would have been discarded. Since it’s set to Soft Fail, it’s assigned a +0.8 Spam modifier to the overall spam score.

Forwarded Email with SRS - SPF Passes
Return-path: <SRS0=R7EK=HP=OrigDomain.com=testforward@FowardingDomain.com>
Envelope-to: OriginalSender@OrigDomain.com
Received: from FowardingDomain.com ([168.144.32.45]:61161 helo=mail.FowardingDomain.com)
          by OrigDomain.com with esmtp (Exim 4.77)
          (envelope-from <SRS0=R7EK=HP=OrigDomain.com=testforward@FowardingDomain.com>)
          for OriginalSender@OrigDomain.com;
Received: from OrigDomain.com (OrigDomain.com [206.214.223.126])
          by mail.FowardingDomain.com with SMTP;
Received: from localhost.localdomain ([127.0.0.1]:55326 helo=webmail.OrigDomain.com)
          by OrigDomain.com with esmtpa (Exim 4.77)
          (envelope-from <OriginalSender@OrigDomain.com>)
          for testforward@FowardingDomain.com;
Subject: Test Forwarding With SRS
From: "Original Sender" <OriginalSender@OrigDomain.com>
To: testforward@FowardingDomain.com

Spam Engine Results for email with SRS:
-0.0 SPF_PASS SPF: sender matches SPF record
The same email was sent but with SRS "Sender Rewriting Scheme" activated. Take notice of the green line above where it rewrites the “return-path” also known as the "Mail-From on forward. SRS adds SRS0 (which gets incremented on additional forwards), a hash (R7EK) and a timestamp (HP) which causes addresses to expire. All of the forwarding is kept track of in the green section and will unwind itself if it bounces at its final destination, resulting in the original sender receiving a bounce message. Using this method the SPF passes because it's checked against the forwarding domain’s SPF records, not the original sender’s SPF records.

Wow, I never knew this! How do I get Sender Rewriting Scheme set up for my email?


Depending on your email system you can check to see if there is an SRS module you can add into it. Some email systems have it built in and all you need to do is enable it. Based on the examples shown above you can see how valuable this is and how it will increase the chances of your email landing in the inbox.

Source: Unlock The Inbox
Copyright © 2018 Unlock The Inbox