Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Tapio Peltonen via mailop
On Wed, 16 Oct 2024 at 21:41, Michael Orlitzky via mailop wrote: > > The killer feature of SPF is that I can tell somebody how to set it up > over the phone. Most small businesses send mail from one or two places, > and usually, I can google the appropriate "include:" for them. Once SPF > is passi

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Laura Atkins via mailop
> On 16 Oct 2024, at 19:22, Michael Orlitzky via mailop > wrote: > > On Wed, 2024-10-16 at 16:00 +, Dave Crocker via mailop wrote: >> >> 7. The myth that SPF is simple to implement is because it is simple for >> a sender to create a basic SPF record. It does not mean that it is >> simp

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Matus UHLAR - fantomas via mailop
On 16.10.2024 at 15:12:00 Brandon Long via mailop wrote: I'd think "able to send mail to receiver foo" vs not is a measurable improvement. On 17.10.24 01:07, Jaroslaw Rafa via mailop wrote: Only because that receiver arbitrarily decided that they will not accept mail that doesn't meet s

Re: [mailop] Mimecast DKIM Sender Invalid

2024-10-17 Thread Mark Alley via mailop
https://community.mimecast.com/s/article/email-security-cloud-gateway-mimecast-smtp-error-codes It's in there. Search for "DKIM sender invalid". -Mark Alley On Thu, Oct 17, 2024, 6:47 AM Florian Effenberger via mailop < mailop@mailop.org> wrote: > Hello, > > I've recently run into an issue with

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Jaroslaw Rafa via mailop
On 17.10.2024 at 12:24:02 Gellner, Oliver via mailop wrote: > > Not really. Our regular users are not allowed to connect to sites via http > or with invalid certificates. Endusers hardly encounter websites with > certificate errors. How? Do you block port 80, and for HTTPS intercept their

Re: [mailop] Mimecast DKIM Sender Invalid

2024-10-17 Thread Florian Effenberger via mailop
Hi, Mark Alley wrote on 17.10.24 at 14:50: https://community.mimecast.com/s/article/email-security-cloud-gateway-mimecast-smtp-error-codes It's in there. Search for "DKIM sender invalid". ind

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Gellner, Oliver via mailop
On 17.10.2024 at 00:44 Louis via mailop wrote: > If SPF were deprecated, what would be the actual, significant effects on email > anti-abuse processes? > • DKIM+DMARC do not verify the return address. So backscatter spamming would > get more attractive to spammers, unless every receiver implemen

[mailop] Mimecast DKIM Sender Invalid

2024-10-17 Thread Florian Effenberger via mailop
Hello, I've recently run into an issue with delivering mails to a Mimecast-hosted domain. I do not have delivery issues to any other MX, there are no blocklist entries, and SPF, DKIM and DMARC are working as expected. I've just confirmed this again via mail-tester.com and dmarctester.com.

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Gellner, Oliver via mailop
On 17.10.2024 at 01:08 Jaroslaw Rafa via mailop wrote: > On 16.10.2024 at 15:12:00 Brandon Long via mailop wrote: >> "big browsers require valid certificates" with no "measurable" >> improvements... > Wrong. You can still connect to a site with invalid certificate or just using > plain H

Re: [mailop] Mimecast DKIM Sender Invalid

2024-10-17 Thread Florian Effenberger via mailop
Hi, Andy Beverley - Simplelists via mailop wrote on 17.10.24 at 15:15: I posted this response a while ago to another query, copying now in case it's the same issue: thanks for this! I had a problem a couple of years ago with Mimecast marking some DKIM-signed emails as failing, even though t

Re: [mailop] Mimecast DKIM Sender Invalid

2024-10-17 Thread Andy Beverley - Simplelists via mailop
On 17/10/2024 13:56, Florian Effenberger via mailop wrote: indeed - but my signing isn't broken... I posted this response a while ago to another query, copying now in case it's the same issue: I had a problem a couple of years ago with Mimecast marking some DKIM-signed emails as failing, eve

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Louis via mailop
> Wouldn't backscatter spamming already currently work the same way with > messages where the return path address does not align, or with completely > unauthenticated messages? If spammers were to use my email in the return path/envelope from with the intent on causing backscatter, the emails will

Re: [mailop] Mimecast DKIM Sender Invalid

2024-10-17 Thread Andy Beverley - Simplelists via mailop
On 17/10/2024 14:43, Florian Effenberger via mailop wrote: How did you work around it with Mimecast, if I may ask? And what's the best way to open a ticket there? It was actually through another organization who were a Mimecast customer. They hammered away at the standard support channels, un

Re: [mailop] Mimecast DKIM Sender Invalid

2024-10-17 Thread Florian Effenberger via mailop
Hello, Andy Beverley - Simplelists via mailop wrote on 17.10.24 at 23:10: It was actually through another organization who were a Mimecast customer. They hammered away at the standard support channels, until eventually it was escalated appropriately. When I said "workaround", this was actual

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Mark Milhollan via mailop
On Thu, 17 Oct 2024, Louis wrote: If spammers were to use my email in the return path/envelope from with the intent on causing backscatter, the emails will be rejected at SMTP time due to SPF failure. FYI, You might not believe it but not everyone checks SPF much less at SMTP time. They may

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Alessandro Vesely via mailop
On Wed 16/Oct/2024 18:00:47 +0200 Dave Crocker via mailop wrote: [...] 7. The myth that SPF is simple to implement is because it is simple for a sender to create a basic SPF record.  It does not mean that it is simple to create a more elaborate record, or to ensure that all authorized sending

[mailop] Squarespace Mailops

2024-10-17 Thread Udeme Ukutt via mailop
Please is there someone from Squarespace on the list? I’ve a question for you, please ping me directly. Thanks. Udeme

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Gellner, Oliver via mailop
On 17.10.2024 at 14:52 Jaroslaw Rafa via mailop wrote: > On 17.10.2024 at 12:24:02 Gellner, Oliver via mailop wrote: >> >> Not really. Our regular users are not allowed to connect to sites via >> http or with invalid certificates. Endusers hardly encounter websites >> with certificate err

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Gellner, Oliver via mailop
On 17.10.2024 at 17:11 Louis via mailop wrote: >> Wouldn't backscatter spamming already currently work the same way with >> messages where the return path address does not align, or with completely >> unauthenticated messages? > If spammers were to use my email in the

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Jaroslaw Rafa via mailop
On 17.10.2024 at 15:09:45 Gellner, Oliver via mailop wrote: > > How? Do you block port 80, and for HTTPS intercept their web connections > > using some man-in-the-middle box and filter them? > > You can modify the browser settings to disable http or remove the override > button on the certi

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Dave Crocker via mailop
On 10/16/2024 3:43 PM, Louis via mailop wrote: DKIM+DMARC do not verify the return address. So backscatter spamming would get more attractive to spammers, From this sub-thread, I think I believe that simple use of SPF can be useful for reducing back-scatter. But this has nothing to do with

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread Dave Crocker via mailop
On 10/17/2024 10:00 AM, Alessandro Vesely via mailop wrote: Missing a backup authentication method would make DMARC even less reliable. A backup method that adds complexity and breaks under significant, common scenarios does not sound like a great backup method. Hence my continuing query

Re: [mailop] SPF fragility vs. utility

2024-10-17 Thread L. Mark Stone via mailop
Back in May at the InboxExpo conference in Atlanta, I was told by a consultant to very large senders that they advise customers to set their DMARC to "p=quarantine" because they had been observing that Microsoft's processing of some emails was causing DKIM failures - in as much as 30% of their c