In my experience, your options are
1) Don't allow forwarding through to any platform that enforces SPF, or
2) Don't allow forwarding at all, or
3) Require your forwarding system to also rewrite the envelope-sender.
The following may be of interest:
based on a cursory google search,
may be of interest.
I've personally seen entirely legitimate SPF implementations break
entirely legitimate mail forwarding arrangements.
Interestingly there doesn't appear to be a single agreed resolution to
this, short of simply not forwarding.
Google for 'Forwarded Email SPF' and note the general thrust of many of
On Fri, April 18, 2014 5:01 pm, Richard Hector wrote:
I'm in an organisation that uses a forwarding mailserver to give (some)
members user@organisation email addresses, which get forwarded to their
The trouble is, I have SPF on my domain, and one at least of the
receiving MTAs checks it, and my mail gets rejected as a consequence.
What's the best solution?
Do I (and anybody else who might mail us) need to turn off SPF, or make
it less strict?
Does the forwarding server need to remail rather than forward?
Do we need to persuade the receiving mail admins to whitelist our
forwarder (there could be many others)?
Should the organisation mailserver just operate an IMAP/POP/Webmail
service rather than forwarding, so that this never arises (my favourite)?
NZNOG mailing list