On Fri, Aug 07, 2015 at 01:25:37AM +0200, Heiko Richter wrote: > Nothing concerning Bind, but still relevant to all list users: > > Just wanted to let you all know about a configuration error on > lists.isc.org. It doesn't rewrite any email headers, only reflects > incoming messages to all list members which leads to problems in > SPF-checks.
Just like pretty much every list server in existence, ever since the idea of participatory mailing lists began. > Whenever I post something to the list (I'm not using SMTP, I'm > using a usenet server to post to comp.protocols.dns.bind), my > postmaster address receives DMARC notifications from list members > that have employed this wonderful protocol on their servers, > telling me my message had been rejected for violating my SPF > policy. Something which the wonderful folks who thought up DMARC apparently failed to consider. (Somewhat like a FUSSP in that in order to work correctly, millions of sites globally will have to change the way they do things.) > My SPF record doesn't include lists.ist.org, of course and it never > will. Furthermore it ends with "-all" so all my messages to the > list are being rejected by list members who have spf aware servers. No, GNU Mailman (which is the software behind lists.isc.org) does the right thing, setting a proper *envelope* sender address in the ISC domain. Proper filtering would go on the envelope sender. > Just wanted to let you all know about it as I can imagine I'm not > the only person who has outgoing SPF. > > And the worst thing: If you have a record ending with "~all" your > messages will be accepted but probably end up in a spam report > container slowly eating away the good anti-spam-reputation your > server has. Unfortunately a lot of sites do silly things, so there may be a bit of truth in that. But it's not a reason to join in on doing silly things. > So ISC: please fix your list servers, let them rewrite the From > headers! I am strongly opposed to this. DMARC was another half-baked idea which should not be influencing such wide-ranging changes. Do note that lists.isc.org long predates DMARC. Furthermore, it's not fixing the server, it's breaking it. Users want to see the sender's address. Some of them use it for such things as killfiling. But thank you for bringing this issue up. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
