On Thu, Dec 14, 2017 at 8:05 PM Noel Butler <noel.but...@ausics.net> wrote:
> On 15/12/2017 10:29, st...@greengecko.co.nz wrote:
>
> December 15, 2017 1:12 PM, "Noel Butler" <noel.but...@ausics.net> wrote:
>
> On 15/12/2017 09:27, Grant Taylor via mailop wrote:
>
> On 12/14/2017 03:28 PM, Brandon Long via mailop wrote:
>
> My point is that -all is policy, and most people ignore the policy portions of SPF because it completely fails a lot of forwarding cases.
>
> Every postmaster (or organization behind them) has the prerogative to run their mail server(s) the way that they want to.
>
> Agreed, if I publish a -all (which I do and have done for a very very long time), I expect receivers doing SPF processing of my domain's messages to honor that! Who the hell are they to assume they know my network and its senders better than me.
>
> You really don't have any rights over an email once delivered, and given just how hard it is to ensure your SPF is followed in these days of mobile devices I don't think you should. Expect the receiving mail platform to use the published policy to score a message sure, but not to dictate delivery.
>
> Sorry if this point has been made before.
>
> But it's not delivered in most cases, SPF checking should be done on the MTA, yes yes yes yes, I'm very aware some people choose to not do it that way, but most providers I've come across do use MTA, so therefore the message is not accepted for delivery.
>
> If we all start making decisions over those who expect a different result, WTF is the whole point. Are you going to allow your users to get phished because you chose to score rather than honor the bank's -all, you need to remember most people are not technical, they don't read half the crap that gets put in a report, so congratulations you've just allowed a bunch of 80yo non tech grandparents to be phished because you said the bank doesn't know what they are doing and let their message through so they could click on the fraudulent link and lose half their life savings.

All that SPF authenticates is the RFC5321.From, which is rarely visible to the end user and trivial for phishers to work around.

Brandon
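
The closing reply's point, that SPF evaluates the envelope sender rather than the From header a recipient sees, can be checked per message on the receiving side. This is an added example, not part of the thread: the sample messages, the domains and the `spf_scope` helper are constructed for illustration, and it assumes the Authentication-Results header was written by your own receiving MTA.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: SPF passes for the envelope domain, while the
# header From (what the mail client displays) names a different domain.
MISMATCHED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mailer.example.net
From: "Example Bank" <alerts@bank.example>
To: user@receiver.example
Subject: Account notice

Body text.
"""

# Constructed sample: envelope sender and visible sender share a domain.
MATCHED = MISMATCHED.replace("mailer.example.net", "bank.example")

SPF_RE = re.compile(r"\bspf=(\w+)\b.*?\bsmtp\.mailfrom=([^\s;]+)", re.I | re.S)

def domain_of(value):
    """Lower-cased domain of an address, or of a bare domain."""
    addr = parseaddr(value)[1] or value
    return addr.rsplit("@", 1)[-1].strip("<>. ").lower()

def spf_scope(raw):
    """Return (spf_result, envelope_domain, header_from_domain, covered).

    'covered' is True only when SPF passed AND the domain it checked is
    the same domain the recipient sees in the From header. Exact match
    is a simplification; subdomain relationships are not considered.
    """
    msg = message_from_string(raw)
    result, envelope = "none", ""
    # Assumption: only Authentication-Results added by our own MTA are present.
    for ar in msg.get_all("Authentication-Results", []):
        m = SPF_RE.search(ar)
        if m:
            result, envelope = m.group(1).lower(), domain_of(m.group(2))
            break
    if not envelope:  # fall back to the recorded envelope sender
        envelope = domain_of(msg.get("Return-Path", ""))
    visible = domain_of(msg.get("From", ""))
    return result, envelope, visible, result == "pass" and envelope == visible
```

A message where `covered` is False carries an SPF pass that says nothing about the address shown to the user, whatever qualifier the visible domain publishes.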