Sender Rewriting Scheme (SRS)

Forwarding email in the modern world

Many mail systems now use the Sender Protection Framework (SPF). This provides protection against phishing attacks. For example, it makes it much harder for an attacker to send a fake email purporting to come from a bank. SPF is now used by all the popular webmail systems to protect their users from such fake emails. This includes gmail, hotmail, outlook, yahoo, and many others. Incoming email that fails their SPF checks will generally be filed as spam, or simply disappear without trace.

SPF does not permit the traditional way of forwarding email, as used by our mail system. This means that if you attempt to forward email from a domain hosted with us to an account at one of the popular webmail sites, it will not arrive reliably.

The Sender Rewriting Scheme (SRS) offers a solution to this problem. It alters the sender address to use your own domain, which means you control the relevant SPF records, and you can ensure that your forwarded email passes SPF checks. We recommend that you publish SPF records for your domains hosted with us.

Our SRS support is very new, and still has some rough edges. We have not yet exposed it in our control panel. If you are uncomfortable editing .forward files by hand, just drop us an email and we will be happy to help.

Converting a forwarder to SRS

You aleady have a forwarder in place, and you want to convert it to SRS. Find the relevant .forward file. There are two cases. If the first line is this (or similar) then it is an Exim filter file.

# Exim filter <== AUTO

Otherwise, it is a traditional filter file.

Exim filter files

Replace deliver address with pipe "srs-forward address"

For example, if your exim filter file looked like this:

deliver alice@example.com

you should alter it to look like this:

pipe "srs-forward alice@example.com"

Traditional filter file

Replace address with |srs-forward address The first character is the pipe symbol, which is usually on the same key as backslash \

For example, if your traditional filter file looked like this:

bob@example.net

you should alter it to look like this:

|srs-forward bob@example.net

Creating a new forwarder with SRS

At present, the simplest thing would be to create the forwarder through our control panel in the usual way, then convert it as described above. We hope to improve this soon.

Setting up reverse SRS

The srs-forward command is only half the story. You also need to set up reverse translation. You need to create two further files. If the file you altered above was called .forward or .forward-thing then you must create .forward-srs0-default and .forward-srs1-default

If the file from the first step was called .forward-thing-other, then you must create .forward-thing-srs0-default and .forward-thing-srs1-default

The contents of each file is always the same:

|srs-reverse

Sphinx virtual domains

To use SRS forwarding with your user@sphinx.mythic-beasts.com address, follow the instructions above. The relevant file is simply .forward

For any other domain hosted on sphinx, we will need to enable .forward files for that domain. Simply email us with details of the domain you want to enable, and we'll be happy to set it up.