We do try to follow general receiver best practices <https://www.m3aawg.org/sites/default/files/m3aawg-email-authentication-recommended-best-practices-09-2020.pdf>; in this case, where there is no valid DMARC record/policy to follow, we fall back to SPF - where especially if the domain has "-all" or publishes "v=spf1 -all" which is intended to state the domain does not send mail, it will get rejected as the domain owner has specified.

This domain *does* send mail, and is actually used by Kofax for their CMMS system. It appears Kofax, perhaps mistakenly, thought it did not send mail, and published this policy as part of a DMARC project. I've been trying to reach out to various channels (DNS SOA admin email, helpdesk, LinkedIn, etc.) to get them to fix this, but to no avail yet.

We could make an exception for emails from these IPs and their domain respectively, as they are legitimate emails and duly expected, but I'd rather the root problem be fixed so we as receivers do not have to resort to manual safelisting.

- Mark Alley
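
An added sketch (not part of the original message, and not the poster's actual filter) of the receiver logic described above: follow a valid DMARC policy if one exists, otherwise fall back to SPF and reject on a hardfail. The function names, the `spf_fallback` switch and the sample records are assumptions constructed for illustration; treating a record without a `p=` tag as invalid is a simplification.

```python
"""Receiver-side sketch: follow valid DMARC, otherwise fall back to SPF (illustrative)."""

def parse_dmarc(txt_records):
    """Return the policy of the single valid DMARC record found at _dmarc.<domain>, else None."""
    valid = []
    for txt in txt_records:
        pairs = [tuple(s.strip() for s in tag.split("=", 1))
                 for tag in txt.split(";") if "=" in tag]
        # Records whose first tag is not exactly v=DMARC1 are discarded.
        if pairs and pairs[0] == ("v", "DMARC1"):
            valid.append(dict(pairs))
    if len(valid) != 1:          # none, or several: no usable policy
        return None
    policy = valid[0].get("p", "").lower()
    return policy if policy in ("none", "quarantine", "reject") else None

def spf_terms(record):
    """Return the lowercased terms after v=spf1, or None if this is not an SPF record."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        return None
    return [p.lower() for p in parts[1:]]

def is_null_spf(record):
    """True for 'v=spf1 -all': the domain declares that it sends no mail."""
    return spf_terms(record) == ["-all"]

def disposition(spf_result, spf_record, dmarc_txts, aligned_pass=False, spf_fallback=True):
    """Hypothetical local policy; spf_fallback=False models a DMARC-only receiver."""
    policy = parse_dmarc(dmarc_txts)
    if policy is not None:       # a valid DMARC policy exists: follow it
        return "accept" if aligned_pass or policy == "none" else policy
    terms = spf_terms(spf_record) or []
    if spf_fallback and spf_result == "fail" and "-all" in terms:
        return "reject"          # honour the owner's hardfail
    return "accept"

if __name__ == "__main__":
    # Constructed sample: null SPF record, no valid record returned for _dmarc.<domain>.
    spf, dmarc = "v=spf1 -all", []
    print(is_null_spf(spf), disposition("fail", spf, dmarc))
    print(disposition("fail", spf, dmarc, spf_fallback=False))
```

With `spf_fallback=False` the same message is accepted, which is the behaviour a receiver that acts only on DMARC would show for a domain without a valid DMARC record.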


On 4/14/2023 7:15 AM, Gellner, Oliver via mailop wrote:

On 13.04.2023 at 19:37 Mark Alley via mailop wrote:

> To clarify - legitimate mail getting rejected. I have not seen any malicious messages from these IPs, this seems to be a recent change in their DNS according to securitytrails.

> On 4/13/2023 12:22 PM, Mark Alley wrote:

>> Any Kofax reps or someone who knows the owners of agilitylive.com on list?

>> It appears they've recently published an empty SPF record with a hardfail policy and an (incorrectly) placed DMARC policy of reject. Lots of mail getting rejected from them because of their SPF record.

The SPF record clearly states that this domain is not expected to send emails. I’d be interested if you make an exception for emails from domains with such a deny-all SPF record and reject those messages based solely on the SPF result. As the domain does not have a valid DMARC record I would otherwise expect that the emails still get accepted.

--

BR Oliver

------------------------------------------------------------------------
dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * P.O. Box 10 02 34, 76232 Karlsruhe
Phone 0721 5592-2500 Fax 0721 5592-2777
dmt...@dm.de <mailto:dmt...@dm.de> * www.dmTECH.de <http://www.dmtech.de>
GmbH: registered office Karlsruhe, court of registration Mannheim, HRB 104927
Managing directors: Christoph Werner, Martin Dallmeier, Roman Melcher
------------------------------------------------------------------------

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop