On 2024-12-18 at 08:03:12 UTC-0500 (Wed, 18 Dec 2024 08:03:12 -0500)
John Hill via Postfix-users <jh...@noach.com>
is rumored to have said:
> Today I feel like an old ham radio operator during the citizen band
> years.
> I am having a slew of spf, hostname, dkim and dmarc failures.
> I look them up and yep no reverse, dkim, dmarc or it is unknown.
> Hell, one of my doctors uses a service that his email fails dkim. In
> all my years I have never had a failed dkim that I remember.
> It looks like big mailers have servers barfing email with domains that
> are not in dns at all.
> I am always looking at better ways to set up postfix?
> Are tools like dkim etc, getting too old or being incorrectly used?

It is very hard to fix the ignorance of people who have decided to
remain ignorant. If that is the root of your problem, all I can provide
is sympathy.

I don't see a substantial quantity of legit email with missing rDNS or
missing/broken SPF/DKIM/DMARC records, so your experience makes me
wonder whether you have a DNS problem.

The most common DNS problem I see with mail systems is an inadequate DNS
resolver. A mail server accepting mail from the Internet MUST have a
local fully-recursive non-filtering DNS resolver. BIND, Unbound or the
PowerDNS resolver can all be adequate. DNSMasq can't. Forwarding to an
external resolver IS NOT adequate.

Beyond that, I don't think that the standardized mail authentication in
DNS mechanisms are "too old" but they are imperfect and are not really
great spam identification tools, despite their application to that
problem. They are widely implemented correctly, but a lot of domains do
not bother or get the details wrong. Some of that is conscious refusal
to deploy any of SPF/DMARC/DKIM because they have historically not been
directly and obviously useful to many senders. That is changing somewhat
now with GMail and MS365 both explicitly requiring proper deployment.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
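
One way to check a mail host against the resolver requirement in the reply above, as an added example that is not part of the original message. It assumes a Linux-style resolv.conf and an Unbound configuration with one directive per line; the function names, verdict labels and sample inputs are constructed, and treating only loopback addresses as "local" is an assumption.

```python
import ipaddress
import re

# systemd-resolved's stub listener: a loopback address that forwards upstream.
STUB_FORWARDERS = {"127.0.0.53"}

# Constructed sample inputs (192.0.2.53 is a documentation address).
SAMPLE_RESOLV = "# constructed\nnameserver 127.0.0.53\nnameserver 192.0.2.53\nnameserver ::1\n"
SAMPLE_FORWARDING = 'server:\n  interface: 127.0.0.1\nforward-zone:\n  name: "."\n  forward-addr: 192.0.2.53\n'
SAMPLE_RECURSIVE = 'server:\n  interface: 127.0.0.1\nforward-zone:\n  name: "corp.example"\n  forward-addr: 192.0.2.53\n'

def audit_resolv_conf(text):
    """Return (address, verdict) for each nameserver line of resolv.conf text."""
    results = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            results.append((addr, "invalid"))
            continue
        if addr in STUB_FORWARDERS:
            verdict = "stub-forwarder"  # local socket, but not a recursive resolver
        elif ip.is_loopback:
            verdict = "local"  # still confirm the daemon recurses and does not filter
        else:
            verdict = "remote"  # queries leave the host for someone else's resolver
        results.append((addr, verdict))
    return results

def unbound_forwards_root(conf):
    """True if unbound.conf text forwards the root zone ".", i.e. every query."""
    in_forward = False
    for line in conf.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if re.fullmatch(r"[a-z-]+:", stripped):  # clause header, e.g. server:
            in_forward = stripped == "forward-zone:"
        elif in_forward and re.fullmatch(r'name:\s*"?\."?', stripped):
            return True
    return False

if __name__ == "__main__":
    print(audit_resolv_conf(SAMPLE_RESOLV))
    print(unbound_forwards_root(SAMPLE_FORWARDING), unbound_forwards_root(SAMPLE_RECURSIVE))
```

A forward-zone for a single internal name, as in the second Unbound sample, is not flagged; only forwarding of the root zone hands every lookup to an external resolver.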