Thanks, Thomas. After experimenting with a mailing list it's not going to do what I would like, so I'll stick with forwarding and the SPF users will have to remember it doesn't work for them. 

SPF seems fundamentally flawed in matching the original sender's address with the latest server to handle it, which breaks forwarding. I could see the point of matching the original sender with the original server but I suspect it would be more complex to implement.

How to configure mercury to use spf?

You cannot at this point. I personally feel SPF is nearly valueless and have been opposed to it for quite some time. As a result, it's a fairly low priority for implementation on my to-do list.

It *would* be possible to implement SPF via a Mercury Daemon, using the new event model introduced in v4.5, but it would require someone experienced in Daemon development and the SMTP protocol to do that.

Cheers!

-- David --

Just curious why you feel it is nearly valueless.  For some time now I have been using content control to basically accomplish the same thing as SPF for all the major banks in my area and such services as ebay.  this even works pretty good for hotmail, google and all the other big senders.  It's been my experience that not much spam REALLY comes from these domains but most of the spam attempts to pretend it does. These rules work well but take a lot of work to get implemented initially.

if sender contains "ebay.com" weight 51
if header "received" matches "*.ebay.com (66.135.*by mercurymailsystem.ca*" weight -1999 tag "real ebay.com"
if header "received" matches "*.ebay.com (216.33.*by mercurymailsystem.ca*" weight -1999 tag "real ebay.com"
if header "received" matches "*ebay.com (66.211.161.*by mercurymailsystem.ca*" weight -1999 tag "real ebay.com"

if sender contains "cibc." weight 51
if sender contains "preschoicefinancial.com" weight 51
if sender contains "pcfinancial.ca" weight 51
if header "received" matches "*cibc.ca (199.198.2*) by mercurymailsystem.ca*" weight -1999 tag "real CIBC"

I realize this isn't foolproof but I think SPF would be.  To have a spam free world you need a bunch of different tools in your arsenault and SPF would just add another one to it.  These rules have on occasion caught stuff that made it by spamhalter. I think SPF would give me the ability to never again get another phishing email.  I wouldn't want to use it for everything but for certain domains (banking, financial, etc) it would be invaluable.

With all the various tools available to me, my users on average might might get one spam email a month. For this I Love mercury and the tools that come with it. Content control, transaction filters, graywall and spamhalter.  I'd personally like to see SPF added but if not - oh well. 

On another note.  I'd really like to pay you for mercury. How close is the licensing? 

Jim 

One other funny thing I've noticed about banks is that almost all of them send out marketing emails that come from different ip's than their own.  My rules catch everyone of them.  Not sure if thats a good thing or not, haha .  When I look up the ips they are coming from legitimate marketing firms, albeit marketing firms that know very little about sending email.  They are  actually spoofing bank email addresses.  How confusing does that get?
 

Jim 

I have a Mercury general rule to forward mail to a particular address to a list of about 20 other addresses. This fails for recipients who use SPF if the original sender also uses SPF. I understand why, and I'm wondering whether I should use a mailing list instead of forwarding. I believe mailing lists aren't broken by SPF.

My questions are:

• can I change the way Mercury forwards mail (using general rules), to be compatible with SPF?
• if I use a mailing list, I would want to populate the list myself, without any additions or changes being accepted from outside. Can this be done?
• do I need to run any particular Mercury modules to enable mailing lists?

 Chris

[quote user="Chris Bolton"]

I have a Mercury general rule to forward mail to a particular address to a list of about 20 other addresses. This fails for recipients who use SPF if the original sender also uses SPF. I understand why, and I'm wondering whether I should use a mailing list instead of forwarding. I believe mailing lists aren't broken by SPF.

My questions are:

• can I change the way Mercury forwards mail (using general rules), to be compatible with SPF?
• if I use a mailing list, I would want to populate the list myself, without any additions or changes being accepted from outside. Can this be done?
• do I need to run any particular Mercury modules to enable mailing lists?

 Chris

[/quote]

Any time you are forwarding the mail without editing  then the original addresses are going to remain the same, i.e. the MAIL FROM address will be the address of the original sender and this is not allowed by SPF.  This can happen as well with a mailing list unless you have the mailing list  message to come from the mail server rather then the original sender.  You will lose the Cc: addresses when the mail goes to a mailing list though. I'm not sure how to make that happen but since I do not use SPF it's no big deal.  Anyone using SPF should expect to lose some mail in this manner.

You need no special modules running to run a mailing list.