On 2017-05-22 17:22:19 (-0700), Brandon Long via mailop
wrote:
Well, the obvious usage of ARC where DKIM is not a solution is for any
modifying hop, such as a mailing list. The mailing list can DKIM sign the
modified message, but it then lacks alignment and also takes on "ownership"
of the me
On 2017-05-22 14:54:06 (-0700), Steve Atkins wrote:
On May 22, 2017, at 2:42 PM, W Kern wrote:
We quarantine inbound SPF failures. Customers complain but we point
that out. So those are not the issue.
I am talking about the scenario where a third party sender WITH an
-all SPF record sends t
Well, the obvious usage of ARC where DKIM is not a solution is for any
modifying hop, such as a mailing list. The mailing list can DKIM sign the
modified message, but it then lacks alignment and also takes on "ownership"
of the message (see discussion about forwarding in general taking the
reputa
DKIM is solution.
ARC is not solution and never will. Actually, I see no any reason for
ARC, really. If you trust sender, you can trust his Received: without
any cryptography. If you do not trust sender, you can not trust ARC
regardless of cryptography. ARC doesn't work without trusts. The only
On 5/22/2017 3:46 PM, valdis.kletni...@vt.edu wrote:
On Mon, 22 May 2017 14:42:20 -0700, W Kern said:
I am talking about the scenario where a third party sender WITH an -all
SPF record sends to my customer and then MY customer forwards it
elsewhere (gmail, hotmail).
So you accept spam if it
Forwarding is complicated, but it's not going away.
If you take "ownership" of forwarded mail by changing the MAIL FROM, then
you are more likely to be charged for the spam you forward. If you don't
take ownership, then spf will fail, and a good spam filter will be more
likely to notice it's forw
On Mon, 22 May 2017 14:42:20 -0700, W Kern said:
> I am talking about the scenario where a third party sender WITH an -all
> SPF record sends to my customer and then MY customer forwards it
> elsewhere (gmail, hotmail).
So you accept spam if it has a valid SPF?
pgp1vLecxuz_9.pgp
Description:
On Mon, May 22, 2017 at 6:05 PM, Michael Wise via mailop
wrote:
>
> At least a Mailing List is in a position to rewrite the headers so that SPF
> works when it sends the traffic out.
>
Yep, but only those managed by ppl who know how to keep things
updated, patched, etc. Lots of bad managed mai
oft.com/en-us/download/details.aspx?id=18275> ?
-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Steve Atkins
Sent: Monday, May 22, 2017 2:52 PM
To: mailop@mailop.org
Subject: Re: [mailop] SPF record
> On May 22, 2017, at 12:57 PM, Mich
On 5/22/2017 2:54 PM, Steve Atkins wrote:
ARC is the very-near-future solution to much of this. Get your vendors on it.
http://arc-spec.org
Very interesting. Will research more on it.
Thanks.
-bill
___
mailop mailing list
mailop@mailop.org
https
> On May 22, 2017, at 2:42 PM, W Kern wrote:
>
>
> We quarantine inbound SPF failures. Customers complain but we point that out.
> So those are not the issue.
>
> I am talking about the scenario where a third party sender WITH an -all SPF
> record sends to my customer and then MY customer f
> On May 22, 2017, at 12:57 PM, Michael Wise via mailop
> wrote:
>
>
> Forwarding ... is GROSSLY insecure and causes far more problems than it
> solves.
> Just grabbing the traffic from the original INBOX with IMAP or POP3 is a much
> more secure solution.
/me gestures vaguely at this wondr
On 5/22/2017 1:31 PM, valdis.kletni...@vt.edu wrote:
On Mon, 22 May 2017 13:21:08 -0700, W Kern said:
Then it's your fault for *accepting* the spam/virus that ended up getting
forwarded.
We quarantine inbound SPF failures. Customers complain but we point that
out. So those are not the i
On Mon, 22 May 2017 13:21:08 -0700, W Kern said:
> On 5/22/2017 11:22 AM, valdis.kletni...@vt.edu wrote:
> > not an SPF problem.
> > Forwarding has worked just fine for 30 or so years, if not longer. The
> > "problem" only happens if you insist on attaching SPF to it.
> Except when it is a shared
On 5/22/2017 11:22 AM, valdis.kletni...@vt.edu wrote:
not an SPF problem.
Forwarding has worked just fine for 30 or so years, if not longer. The
"problem" only happens if you insist on attaching SPF to it.
Except when it is a shared server and that server forwards enough
spam/virii (despit
essed."
Got the Junk Mail Reporting Tool ?
-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of
valdis.kletni...@vt.edu
Sent: Monday, May 22, 2017 11:23 AM
To: Michael Peddemors
Cc: mailop@mailop.org
Subject: Re: [mailop] SPF record
On Mon, 22 May 2017 10:5
On Mon, 22 May 2017 10:59:21 -0700, Michael Peddemors said:
> Some have pointed out on the list the problem with 'forwarding', however
> that is a forwarding problem, and not an SPF problem.
Forwarding has worked just fine for 30 or so years, if not longer. The
"problem" only happens if you insist
On 17-05-20 12:24 PM, Steve Atkins wrote:
On May 19, 2017, at 6:58 PM, Bryan Blackwell wrote:
Hi folks,
Please pardon the noob question, just want to make sure this is what a proper
SPF record should look like:
example.org.IN TXT "v=spf1 mx ~all"
It's fine. I'd marginally pr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sun, 2017-05-21 at 12:02 -0500, frnk...@iname.com wrote:
> Same here -- many of my customers, for example those who go to O365,
> aren't
> aware of the implications when they add Microsoft's suggested SPF
> record,
> and then wonder why some email
> On May 21, 2017, at 8:33 AM, ComKal Networks wrote:
>
> Hi,
>
> I use "-all" for my primary domain simply because we
> don't use mobiles, outgrew them 17 years ago. All email
> from my primary will only ever originate from my server.
> My primary domain doesn't forward received emails to
> an
Yes.
Can also use a wizard like spfwizard.com to generate
Sent from my iPhone
> On May 19, 2017, at 9:58 PM, Bryan Blackwell wrote:
>
> Hi folks,
>
> Please pardon the noob question, just want to make sure this is what a proper
> SPF record should look like:
>
> example.org.IN TXT
In article <100.10d30d0034b32159@comkal.com.au> you write:
>Anyone forwards an email I've sent them, then the headers
>will specify their sending domain so the SPF record for
>my domain should be irrelevant.
Good luck with that.
R's,
John
___
mailo
to these issues
and can suggest tweaks to their SPF record to resolve the issue.
Frank
-Original Message-
From: SM [mailto:s...@elandnews.com]
Sent: Sunday, May 21, 2017 10:25 AM
To: frnk...@iname.com; mailop@mailop.org
Cc: Kurt Jaeger
Subject: RE: [mailop] SPF record
Hi Frank,
At 0
On 21 May 2017, at 11:33, ComKal Networks wrote:
Anyone forwards an email I've sent them, then the headers
will specify their sending domain so the SPF record for
my domain should be irrelevant.
1. SPF does not operate on any email headers. It operates on the SMTP
envelope sender. RFC5321.Mai
Hi Frank,
At 06:52 21-05-2017, frnk...@iname.com wrote:
Do you think the sending domain was not aware of that when they
wrote the policy?
I have come across cases where the sending domain was not aware of
the impact of its SPF policy. That does not mean that sending
domains are not aware of
Hi,
I use "-all" for my primary domain simply because we
don't use mobiles, outgrew them 17 years ago. All email
from my primary will only ever originate from my server.
My primary domain doesn't forward received emails to
anywhere else on receipt, and never will.
Anyone forwards an email I've se
On 21/05/2017 14:52, frnk...@iname.com wrote:
sm,
Do you think the sending domain was not aware of that when they wrote the
policy?
I think a lot of the disagreement comes from differing views on priorities.
For some people, the danger of receiving forged messages is paramount,
so rejecting
sm,
Do you think the sending domain was not aware of that when they wrote the
policy?
Frank
-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of SM
Sent: Sunday, May 21, 2017 8:13 AM
To: Kurt Jaeger ; mailop@mailop.org
Subject: Re: [mailop] SPF record
Hi
Hi Kurt,
At 05:25 21-05-2017, Kurt Jaeger wrote:
Can you tell more about this ? Why is '-all' bad ?
You are assuming that when the message is delivered to the receiver,
it will see a connection from the sending IP address.
Regards,
-sm
___
ma
Hi!
Steve wrote:
> "~all" is the smart policy to use; ignore those who tell you to
> use "-all" or "?all".
Can you tell more about this ? Why is '-all' bad ?
--
p...@opsec.eu+49 171 3101372 3 years to go !
___
mail
On Sat, 20 May 2017, Steve Atkins wrote:
On May 20, 2017, at 2:13 PM, John Levine wrote:
In article <3a8a3db1-a628-4cf5-add5-d2db22b5c...@blighty.com> you write:
"~all" is the smart policy to use; ignore those who tell you to use "-all" or
"?all".
Not disagreeing, but what practical diff
> On May 20, 2017, at 2:13 PM, John Levine wrote:
>
> In article <3a8a3db1-a628-4cf5-add5-d2db22b5c...@blighty.com> you write:
>> "~all" is the smart policy to use; ignore those who tell you to use "-all"
>> or "?all".
>
> Not disagreeing, but what practical difference do you see between ~all
In article <3a8a3db1-a628-4cf5-add5-d2db22b5c...@blighty.com> you write:
>"~all" is the smart policy to use; ignore those who tell you to use "-all" or
>"?all".
Not disagreeing, but what practical difference do you see between ~all softfail
and ?all neutral ?
R's,
John
> On May 19, 2017, at 6:58 PM, Bryan Blackwell wrote:
>
> Hi folks,
>
> Please pardon the noob question, just want to make sure this is what a proper
> SPF record should look like:
>
> example.org. IN TXT "v=spf1 mx ~all"
It's fine. I'd marginally prefer one that listed the source
yes and no. Actually, this record may be invalid, depending on the
number of MX records for example.org. SPF is limited to 10 name
resolutions to resolve policy to final IP addresses. In this case name
resolution scenario is:
1. Resolve SPF record itself (1 name resolution)
2. Resolve MX for exma
On Fri, 19 May 2017, Bryan Blackwell wrote:
Hi folks,
Please pardon the noob question, just want to make sure this is what a proper
SPF record should look like:
example.org.IN TXT "v=spf1 mx ~all"
--Bryan
-- Bryan Blackwell --
br...@skiblack.com
Bryan,
The spf record synta
Hi folks,
Please pardon the noob question, just want to make sure this is what a proper
SPF record should look like:
example.org.IN TXT "v=spf1 mx ~all"
--Bryan
-- Bryan Blackwell --
br...@skiblack.com
___
mailop mailing list
mailop@m
37 matches
Mail list logo
