Re: [mailop] SPF/DMARC and subdomains

2017-09-07 Thread Brandon Long via mailop
Yeah, there are two options for forwarding, to rewrite the envelope sender or not, and both seem pretty common. Mailing lists almost always rewrite, so the sender doesn't get bounce reports for the entire list, and so the list can handle bouncing users by removing them. Granted, mailing lists usu

Re: [mailop] SPF/DMARC and subdomains

2017-09-07 Thread Vladimir Dubrovin via mailop
That's practically bad idea, you will not be able to send an e-mail to user who has redirection to another account. If, for some reason, you really want to implement it, you can remove DKIM signature or sign your messages with unaligned DKIM domain. In this case DMARC only uses SPF for authenticat

Re: [mailop] SPF/DMARC and subdomains

2017-09-07 Thread Jesse Thompson
What about the idea of extending DMARC to allow a domain owner to publish a policy that says "All email using my domain in the SMTP Mail From must be aligned to the From: header domain." DMARC already has the subdomain policy capability, and alignment could be achieved using DKIM or SPF for le

Re: [mailop] SPF/DMARC and subdomains

2017-08-30 Thread Benjamin BILLON via mailop
You can also check Terry Zink's recent article on this topic, and Bart's comment: https://blogs.msdn.microsoft.com/tzink/2017/08/15/does-spf-need-an-update-so-subdomains-can-inherit-the-policy-of-its-organizational-domain-i-say-yes/ -- Benjamin 2017-08-30 23:09 GMT+08:00

Re: [mailop] SPF/DMARC and subdomains

2017-08-30 Thread Vladimir Dubrovin via mailop
DMARC prevents usage of your subdomains in the From: header. SPF doesn't protect it in anyway, it only checks SMTP envelope-from. 25.08.2017 17:11, Cameron Dixon via mailop пишет: > Hello! I have a random question about SPF/DMARC and subdomains.  > > openspf.org [1] recommen

Re: [mailop] SPF/DMARC and subdomains

2017-08-25 Thread John Levine
In article you write: >The DMARC RFC indicates you can set a policy specific for subdomains [2]. >If sp=reject is set at _dmarc.example.tld (and there isn't an overriding >policy at the host itself, since it gets checked first [3]), would this >would be an effective way to disclaim email coming s

[mailop] SPF/DMARC and subdomains

2017-08-25 Thread Cameron Dixon via mailop
Hello! I have a random question about SPF/DMARC and subdomains. openspf.org [1] recommends that non-mail-sending domains have a "v=spf1 -all" record, which can be pretty onerous if you have a lot of names published in DNS. The DMARC RFC indicates you can set a policy specific for subdomains [2].