Correct email forwarding despite strict SPF checking thanks to SRS
Updated
by Gerhard Kleewein
The primary reason for setting up an SPF record is to prevent spam from being sent from a domain name. An SPF record defines which IP addresses are allowed to send email for a domain name and how receiving mail servers must treat emails originating from non-permitted IP addresses.
SPF reaches its limits when external emails are forwarded.
The fundamental problem: the forwarding email server is very likely not authorized by the sender domain's SPF record to send emails for that domain (forwarding/redirecting is one form of sending emails).
To work around this problem, EDIS implemented an (experimental) technology called SRS (Sender Rewriting Scheme): https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme.
SRS rewrites the "envelope sender", and each email is given a cryptographic "hash", so that forwarding works despite the sender domain's SPF configuration.
5.0.0 smtp; 550 rejecting for sender policy framework
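The rewriting described above, as an added sketch that is not EDIS's implementation: the forwarder replaces the envelope sender with an address in its own domain (so the receiving server checks the forwarder's SPF record) and embeds a keyed hash so that bounces can be validated and mapped back. The `SRS0=hash=timestamp=domain=local` layout follows the public SRS description; the secret, the domains, the hash length and the 21-day lifetime are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac

# Constructed values for illustration only (assumptions, not from the page).
SECRET = b"constructed-demo-secret"
FORWARDER = "forwarder.example"
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
MAX_AGE_DAYS = 21


def _stamp(day):
    """Encode the day number (days since epoch) mod 1024 as two base32 chars."""
    return B32[(day % 1024) >> 5] + B32[day % 32]


def _tag(stamp, domain, local):
    """Truncated HMAC binding timestamp, original domain and local part."""
    msg = "=".join((stamp, domain, local)).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest)[:4].decode()


def srs_forward(sender, day):
    """Rewrite the envelope sender so it belongs to the forwarder's domain."""
    local, domain = sender.rsplit("@", 1)
    stamp = _stamp(day)
    return f"SRS0={_tag(stamp, domain, local)}={stamp}={domain}={local}@{FORWARDER}"


def srs_reverse(address, day):
    """Validate a bounce recipient and recover the original envelope sender."""
    srs_local, domain = address.rsplit("@", 1)
    if domain.lower() != FORWARDER or not srs_local.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address for this forwarder")
    tag, stamp, orig_domain, orig_local = srs_local[5:].split("=", 3)
    if not hmac.compare_digest(tag.encode(), _tag(stamp, orig_domain, orig_local).encode()):
        raise ValueError("hash mismatch: address forged or altered")
    stamp = stamp.upper()
    if len(stamp) != 2 or any(c not in B32 for c in stamp):
        raise ValueError("malformed timestamp")
    then = B32.index(stamp[0]) * 32 + B32.index(stamp[1])
    if (day - then) % 1024 > MAX_AGE_DAYS:
        raise ValueError("address expired")
    return f"{orig_local}@{orig_domain}"


if __name__ == "__main__":
    print(srs_forward("alice@sender.example", 19000))
```

The hash and timestamp keep the forwarder from acting as an open relay for bounces: an address that was not issued by the forwarder, or that is older than the allowed lifetime, is rejected instead of being mapped back to a sender.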