On 15/12/2017 15:40, Brandon Long via mailop wrote:
> All that SPF authenticates is the RFC5321.From, which is rarely visible to
> the end user and trivial for phishers to work around.
>
> Brandon
And its often all that's needed, no its not complete, no its not
perfect, but nothing ever is
-
On 15/12/2017 14:28, John Levine wrote:
> In article <6582089ce2ad3fb3fd074ada73672...@ausics.net>,
> Noel Butler wrote:
>
>> Agreed, if I publish a -all (which I do and have done for a very very
>> long time), I expect receivers doing SPF processing of my domains
>> messages, to honor that!
And for my feedback..
We use -all for important domains, involved in ecommerce or confidential
data. And yes, sometimes we get a bounce, because someone forwarded
their email to another party, but it is rare.. (and forwarding should be
discouraged).
However, it is better than the risk of ab
You're not wrong. I would only say say that perhaps this makes -all
harmless versus something one truly needs to worry about or avoid.
There's a lot of past, quite possibly bogus, guidance where we were
all pushed as ESP senders to implement -all, given the impression that
once upon a time it prov
On 2017-12-15 10:06:44 (+1000), Noel Butler wrote:
On 15/12/2017 09:27, Grant Taylor via mailop wrote:
On 12/14/2017 03:28 PM, Brandon Long via mailop wrote:
My point is that -all is policy, and most people ignore the policy
portions of SPF because it completely fails a lot of forwarding
cases
On Thu, Dec 14, 2017 at 7:16 PM Grant Taylor via mailop
wrote:
> On 12/14/2017 06:23 PM, Steve Atkins wrote:
> > If you want to argue more loudly that you *do* understand what it means
> > you could publish a matching DMARC record with p=discard. Doing that
> would
> > tell recipient ISPs that ei
On 14 Dec 2017, at 22:09 (-0500), Grant Taylor via mailop wrote:
What happens when a lot of people shoot themselves in the foot and
receivers start giving DMARC less and less credence. Will we then
need something new to convince them that I really do mean what I
publish?
Yes.
It will happe
On Thu, Dec 14, 2017 at 8:05 PM Noel Butler wrote:
> On 15/12/2017 10:29, st...@greengecko.co.nz wrote:
>
>
>
> December 15, 2017 1:12 PM, "Noel Butler" wrote:
>
> On 15/12/2017 09:27, Grant Taylor via mailop wrote:
>
> On 12/14/2017 03:28 PM, Brandon Long via mailop wrote:
>
> My point is that
In article <6582089ce2ad3fb3fd074ada73672...@ausics.net>,
Noel Butler wrote:
>Agreed, if I publish a -all (which I do and have done for a very very
>long time), I expect receivers doing SPF processing of my domains
>messages, to honor that! Who the hell are they to assume they know my
>network a
On 15/12/2017 10:29, st...@greengecko.co.nz wrote:
> December 15, 2017 1:12 PM, "Noel Butler" wrote:
>
> On 15/12/2017 09:27, Grant Taylor via mailop wrote:
> On 12/14/2017 03:28 PM, Brandon Long via mailop wrote: My point is that -all
> is policy, and most people ignore the policy portions of
On Thu, Dec 14, 2017 at 8:07 PM, Bill Cole
wrote:
> On 14 Dec 2017, at 14:01 (-0500), Jim Popovitch wrote:
>
>> Aside from a few HUGE providers, those with very large and disparate
>> networks/offices/topology
>
>
> SPF isn't related to the complexity of a network, but control of users using
>
On 12/14/2017 06:23 PM, Steve Atkins wrote:
If you want to argue more loudly that you *do* understand what it means
you could publish a matching DMARC record with p=discard. Doing that would
tell recipient ISPs that either you've actually done appropriate analysis
of your mail stream, you under
On 12/14/2017 05:29 PM, st...@greengecko.co.nz wrote:
given just how hard it is to ensure your SPF is followed in these days
of mobile devices I don't think you should
I'll argue that mobile devices should be connecting to MSAs that are
under full control and configured to work within SPF (et
> On Dec 14, 2017, at 4:06 PM, Noel Butler wrote:
>
> On 15/12/2017 09:27, Grant Taylor via mailop wrote:
>
>> On 12/14/2017 03:28 PM, Brandon Long via mailop wrote:
>>> My point is that -all is policy, and most people ignore the policy portions
>>> of SPF because it completely fails a lot of
> On Dec 14, 2017, at 3:27 PM, Grant Taylor via mailop
> wrote:
>
>> In practice, very few receivers implement SPF policy (except -all by itself
>> for domains which don't send mail as a special case).
>
> What sort of data / experience do you have to back that statement up? (I've
> not look
It seems to raise some feelings...
On 15-12-17 01:06, Noel Butler wrote:
On 15/12/2017 09:27, Grant Taylor via mailop wrote:
On 12/14/2017 03:28 PM, Brandon Long via mailop wrote:
My point is that -all is policy, and most people ignore the policy portions of
SPF because it completely fails
On 14 Dec 2017, at 14:01 (-0500), Jim Popovitch wrote:
Aside from a few HUGE providers, those with very large and disparate
networks/offices/topology
SPF isn't related to the complexity of a network, but control of users
using a domain name, which is a very different thing.
-all means
December 15, 2017 1:12 PM, "Noel Butler" wrote:
On 15/12/2017 09:27, Grant Taylor via mailop wrote: On 12/14/2017
03:28 PM, Brandon Long via mailop wrote:My point is that -all is policy, and
most people ignore the policy portions of SPF because it completely fails a lot
of forwarding c
On 15/12/2017 09:27, Grant Taylor via mailop wrote:
> On 12/14/2017 03:28 PM, Brandon Long via mailop wrote:
>
>> My point is that -all is policy, and most people ignore the policy portions
>> of SPF because it completely fails a lot of forwarding cases.
>
> Every postmaster (or organization b
On 12/14/2017 03:28 PM, Brandon Long via mailop wrote:
My point is that -all is policy, and most people ignore the policy
portions of SPF because it completely fails a lot of forwarding cases.
Every postmaster (or organization behind them) has the prerogative to
run their mail server(s) the wa
My point is that -all is policy, and most people ignore the policy portions
of SPF because it completely fails a lot of forwarding cases.
-all is asking receivers to reject mail that doesn't pass.
~all isn't policy.
In practice, very few receivers implement SPF policy (except -all by itself
for
On Thu, Dec 14, 2017 at 2:14 PM, Brandon Long via mailop
wrote:
>
> On Thu, Dec 14, 2017 at 11:09 AM Jim Popovitch wrote:
>>
>> On Thu, Dec 14, 2017 at 11:33 AM, Vladimir Dubrovin via mailop
>> wrote:
>> >
>> > In fact, you should not use "-all" for your mail domain if you care
>> > about delive
On Thu, Dec 14, 2017 at 11:09 AM Jim Popovitch wrote:
> On Thu, Dec 14, 2017 at 11:33 AM, Vladimir Dubrovin via mailop
> wrote:
> >
> > In fact, you should not use "-all" for your mail domain if you care
> > about deliverability.
>
> FALSE! (Also, you should not randomly add CC recipients to th
On Thu, Dec 14, 2017 at 11:33 AM, Vladimir Dubrovin via mailop
wrote:
>
> In fact, you should not use "-all" for your mail domain if you care
> about deliverability.
FALSE! (Also, you should not randomly add CC recipients to the same
mailinglist that you are responding to)
Aside from a few HUGE
> If you want to be a good neighbour, you should have a restrictive (not
> ~all) SPF
This is quite common misconception. In fact, you should not use "-all"
for your mail domain if you care about deliverability.
You can find this fact and many more SPF misconceptions explained here:
https://hacker
25 matches
Mail list logo
