Perhaps I've missed something, but isn't the whole point of SPF that if a _sender domain_ publishes a -all SPF record, any platform using SPF is _supposed to reject email that doesn't pass_?

Forwarded email is going to cause an SPF failure, unless the envelope-sender is rewritten (à la mailing lists and such). By 'configured to do so', does Michelle mean, well, obeying SPF? Referring to the table at http://www.openspf.org/SPF_Record_Syntax, the presence of a -all has a pretty clear requirement.

Publishing 'a' SPF record is not the same as publishing a 'Fail' record. Domains can publish an SPF record with any of the other conditions; the outcomes are clearly indicated.

Lack of an SPF record is, slowly, going to make life more and more difficult for those trying to send email; the existence of even a +all record suggests that at least the DNS Admin knows what SPF _is_.

But down-scoring email without an SPF record, or perhaps email with an SPF failure but not -all, seems like a valid approach, as long as it's only a contributing factor to a cumulative approach, and not treated as a hard-switch.

IMHO.
Mark.


On 18/08/2016 9:07 a.m., Franck Martin via mailop wrote:
I don't think you should block however:

-IPv4 rate limit if the email is not authenticated (pass SPF or DKIM)
-IPv6 reject email if it is not authenticated (pass SPF or DKIM)

On Wed, Aug 17, 2016 at 12:23 PM, Michelle Sullivan <miche...@sorbs.net> wrote:

    Brandon Long via mailop wrote:

        If your mail server doesn't expect to get forwarded mail, I
        can see using SPF like that.

        If you do expect to get forwarded mail, then it seems likely
        to cause more false positives than it's worth.


    I don't see that...  Renaud just quoted
    https://www.iplocation.net/email-delivery-problems "Many mail
    servers refuse to accept emails from an IP address without SPF
    record" not that the SPF record should be restrictive when it
    comes to forwarded mail.... remembering the SPF is just to
    identify the places where a domain's email may originate and
    whether the set policy is to be enforced or just used for
    information.  SPF doesn't stop forwarded email unless configured
    to do so... and not forgetting we're talking about where you're
    sending to, not about you receiving in this context.  I.e. I may
    choose not to accept email from domains without SPF, if google.com
    doesn't have an SPF record it would just stop you sending to me,
    if you put in a +all or ?all record into google.com's DNS I would
    accept your email...

    Regards,

-- Michelle Sullivan
    http://www.mhix.org/



    _______________________________________________
    mailop mailing list
    mailop@mailop.org <mailto:mailop@mailop.org>
    https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
    <https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop>
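
An added example, not code from any poster in this thread: the receiver-side distinction discussed above between honouring a published -all and treating a missing or weaker SPF result as one input to a cumulative score. It covers only the forwarded-mail case where no earlier mechanism matches the connecting IP, so the result falls through to the record's "all" term; redirect= is not followed, and the score weights and threshold are constructed values.

```python
# Qualifier-to-result mapping for a matching SPF mechanism (RFC 7208).
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Assumed local policy (constructed values, not from the thread).
SCORE = {"none": 1.5, "neutral": 1.0, "softfail": 2.0, "pass": 0.0}
REJECT_THRESHOLD = 5.0


def fallthrough_result(txt_record):
    """SPF result when only the terminal 'all' term can match.

    txt_record is the sender domain's SPF TXT string, or None if the
    domain publishes no SPF record at all.
    """
    terms = (txt_record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        term = term.lower()
        # A mechanism with no explicit qualifier defaults to "+".
        qualifier = term[0] if term[0] in QUALIFIER_RESULT else "+"
        if term.lstrip("+-~?") == "all":
            return QUALIFIER_RESULT[qualifier]
    # Record exists, nothing matched and there is no 'all': neutral.
    return "neutral"


def decide(txt_record, other_score=0.0):
    """Return (action, total_score) for a message that matched no mechanism.

    other_score is whatever the rest of the filter already assigned.
    """
    result = fallthrough_result(txt_record)
    if result == "fail":
        # The sender domain published -all: apply its stated policy.
        return "reject", None
    total = other_score + SCORE[result]
    return ("reject" if total >= REJECT_THRESHOLD else "accept"), total


if __name__ == "__main__":
    # Constructed sample records.
    for rec in ("v=spf1 mx -all", "v=spf1 mx ~all", "v=spf1 +all", None):
        print(repr(rec), "->", decide(rec, other_score=1.0))
```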



