Re: [mailop] Blocking emails from domains without SPF records

Wed, 17 Aug 2016 14:40:54 -0700 

Franck Martin wrote:

I don't think you should block however:



I'm not making any call either way - it's upto the admins involved. 
Personally I have a valid SPF record my milter I wrote and build from 
scratch the other week uses libspf2 to make determinations on whether to 
accept or reject email based on the pass/soft fail/hard fail, it makes 
no differentiation between 'has a SPF record' and 'does not have a SPF 
record'.


-IPv4 rate limit if the email is not authenticated (pass SPF or DKIM)
-IPv6 reject email if it is not authenticated (pass SPF or DKIM)


Personally I wouldn't treat them differently, but that my personal opinion.

Regards,

Michelle




On Wed, Aug 17, 2016 at 12:23 PM, Michelle Sullivan 
<miche...@sorbs.net <mailto:miche...@sorbs.net>> wrote:


    Brandon Long via mailop wrote:

        If your mail server doesn't expect to get forwarded mail, I
        can see using SPF like that.

        If you do expect to get forwarded mail, then it seems likely
        to cause more false positives than it's worth.


    I don't see that...  Renaud just quoted
    https://www.iplocation.net/email-delivery-problems
    <https://www.iplocation.net/email-delivery-problems> "Many mail
    servers refuse to accept emails from an IP address without SPF
    record" not that the SPF record should be restrictive when it
    comes to forwarded mail.... remembering the SPF is just to
    identify the places where a domains email may originate and
    whether the set policy is to be enforced or just used for
    information.  SPF doesn't stop forwarded email unless configured
    to do so... and not forgetting we're talking about where you're
    sending to, not about you receiving in this context.  Ie I may
    choose not to accept email from domains without SPF, if google.com
    <http://google.com> doesn't have an SPF record it would just stop
    you sending to me, if you put in a +all or ?all record into
    google.com <http://google.com>'s DNS I would accept your email...

    Regards,


    -- 
    Michelle Sullivan

    http://www.mhix.org/



    _______________________________________________
    mailop mailing list
    mailop@mailop.org <mailto:mailop@mailop.org>
    https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
    <https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop>





--
Michelle Sullivan
http://www.mhix.org/


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop






















					Reply via email to