truncated the long, hard to understand and unrelated stuff....
Am 10.08.2015 um 23:49 schrieb Lawrence K. Chen, P.Eng.:
that above is pure nonsense - your DOMAIN has either a strict SPF policy - or a testing policy ~ and no mix of both ~ means "testing, please don't reject if it don't pass" and *nothing* with good or bad IP's - from the moment on you have a ~ you don't enforce SPF for *anybody* - bad enough that this topic appeared at all but much more bad that so many people setup SPF without understand itExcept there are people that feel a strict black and white policy is too limiting.
well, when you can't say from where you send mail you should refrain from setup SPF at all
Especially when the IPs are a shared resource of the service provider where this little to stop another customer from pretending to be us (just as there was nothing for us to pretend to be
the shared ressource don't enforce SMTP authentication?
.... or permit a visiting research to continue to send with his email address but through our servers....)
this has *nothing* to do with *your* SPF policyyour SPF record has nothing to do with foreign envelope-senders just because it says "these are allowed servers for my envelope domain" and
nothing else
When suddenly they setup an SPF and rejected mail from us, with lots of angry messages and calls that its my job to fix it so it'll work again.
in that case it has to be ruled out if you made a mistake by not include all your sending servers in your SPF
As the apparently lots of different universities have been originating mail this way for years and years. And, they need to continue to do so, as the application can't do any authentication for sending....(since it had always worked....)
that's a lame excuse and finally means "don't setup SPF/DMARC at all if you have no clue who is sending from where with what enevlopes""since it has always worked" is a bad attitude - you enforce policies or just don't touch them at all
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
