Email Distribution List to work with SPF Check

  • Question

  • We have an internal Exchange 2003 Server and would like to set up a way to have a Distribution List with Internal and External (non-domain) recipients. DL must be available to anyone that wants to send to it.

    Currently there are three external recipients set up as Contacts and added to DL. When ExternalUser1 sends to DL@domain.com they receive an NDR (5.7.1 Rejected due to SPF policy AND Sender-ID policy) for other External recipients in DL.

    We do not have any administration over the External Domains to adjust SPF records, and the only workaround we have tried without success is to have a User Account for each Contact and then use the User Account in DL and use the Forward to available in ADUC ..... still get an NDR.

    Suggestions have been made to use a third-party tool to intercept the message envelope and change the Return-Path/Sender but nothing has been implemented or tested.

    Help?

    Monday, August 27, 2012 6:31 AM

Answers

  • On Mon, 27 Aug 2012 06:31:29 +0000, rbdsolutions wrote:
     
    >
    >
    >We have an internal Exchange 2003 Server and would like to set up a way to have a Distribution List with Internal and External (non-domain) recipients. DL must be available to anyone that wants to send to it.
    >
    >Currently there are three external recipients set up as Contacts and added to DL. When ExternalUser1 sends to DL@domain.com they receive an NDR (5.7.1 Rejected due to SPF policy AND Sender-ID policy) for other External recipients in DL.
    >
    >We do not have any administration over the External Domains to adjust SPF records, and the only workaround we have tried without success is to have a User Account for each Contact and then use the User Account in DL and use the Forward to available in ADUC ..... still get an NDR.
    >
    >Suggestions have been made to use a third-party tool to intercept the message envelope and change the Return-Path/Sender but nothing has been implemented or tested.
    >
    >Help?
     
    This isn't an easy problem to solve. I'm assuming the message sent by
    "ExternalUser1" to the DL is leaving your organization with the "MAIL
    FROM" address of "ExternalUser1". If that's true then the domain of
    "ExternalUser1" would have to add YOUR server's IP address to THEIR
    SPF data in their DNS.
     
    I forget when the change was made in Exchange 2003 to add the
    necessary "Resent-*" headers to the message so SenderID would work
    properly. But SPF isn't SenderID and SPF works only on the MAIL FROM
    address so unless the MAIL FROM domain includes your IP address as an
    authorized sender you're stuck.
     
    Exchange 2007/2010 handles this differently and uses the null address
    ("<>") as the MAIL FROM address. That means you won't get any NDRs or
    DSNs, and it also means that SPF will allow the message to pass since
    there's no domain to check the address against.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    • Marked as answer by rbdsolutions Monday, August 27, 2012 8:21 PM
    Monday, August 27, 2012 4:17 PM
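
An added example (not part of the original thread): a simplified SPF evaluation showing why the list expansion described in the answer fails when the original MAIL FROM is kept, and what a receiver computes for a null or rewritten envelope sender. The domains, IPs, SPF record and the `check_host` / `spf_for_delivery` helpers are constructed for illustration; only the `ip4` and `all` mechanisms are handled, and the null-sender fallback to the HELO name follows RFC 7208.

```python
import ipaddress

# Constructed SPF data (documentation domains and IPs, not taken from the thread).
SPF_RECORDS = {
    "external.example": "v=spf1 ip4:198.51.100.0/24 -all",
    # "domain.example" (the DL host) publishes no SPF record, as in the thread.
}
DL_SERVER_IP = "203.0.113.25"  # hypothetical IP of the server expanding the DL


def check_host(ip, domain):
    """Simplified SPF evaluation: only ip4 and all mechanisms are handled."""
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"  # no policy published for this domain
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return results[qualifier]
        if mech.startswith("ip4:"):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ipaddress.ip_address(ip) in net:
                return results[qualifier]
    return "neutral"  # nothing matched and no "all" term


def spf_for_delivery(connecting_ip, mail_from, helo_domain):
    """SPF uses the envelope only; a null MAIL FROM falls back to the HELO name."""
    if mail_from == "":
        return check_host(connecting_ip, helo_domain)
    return check_host(connecting_ip, mail_from.rsplit("@", 1)[1])


def dl_scenarios():
    helo = "mail.domain.example"
    return {
        # Original sender kept on the relayed copy (the failing case in the thread).
        "original_sender": spf_for_delivery(DL_SERVER_IP, "user1@external.example", helo),
        # Null reverse-path, as the answer describes for Exchange 2007/2010.
        "null_sender": spf_for_delivery(DL_SERVER_IP, "", helo),
        # Envelope rewritten to the list's own domain (the third-party tool idea).
        "rewritten_sender": spf_for_delivery(DL_SERVER_IP, "dl-bounces@domain.example", helo),
        # Direct delivery from the external domain's own server, for comparison.
        "direct": spf_for_delivery("198.51.100.7", "user1@external.example", helo),
    }
```

The `fail` result in the first case is what a receiver enforcing SPF rejects on, as in the 5.7.1 NDR from the question; `none` means no SPF policy applies to the identity being checked.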

All replies

  • Hi,

    Can you send mails to these external users using an internal account?

    Is there an SPF record present for your server?

    Leif

    Monday, August 27, 2012 7:44 AM
  • Yes can send to them normally from internal and external account, and we do not have an SPF record.

    The only issue is when a member of DL who is an external User sends to DL@domain.com then the External Recipients fail to receive with NDR being generated.

    Monday, August 27, 2012 8:28 AM