> host -t txt example.com
> "v=spf1 redirect=_spf.example.com -all"
> host -t _spf.example.com
> "v=spf1 +all"
Redirect makes it a replacement for the record, so +all
> host -t txt example.net
> "v=spf1 -include=_spf.example.net +all"
> host -t _spf.example.net
> "v=spf1 ~all"
-include is not a
I would never use their feature where you can forward spam to them on sending
infrastructure I don't own, especially Microsoft. Just go to spamcop.net and
paste the raw email instead.
Groetjes,
Louis
Op maandag 7 oktober 2024 om 11:21, schreef Benoit Panizzon via mailop
:
> Hi List
>
> I usu
Yep, that's what backscatter is, isn't it?
Groetjes,
Louis
Op donderdag 17 oktober 2024 om 17:21, schreef Gellner, Oliver via mailop
:
> On 17.10.2024 at 17:11 Louis via mailop <mailto:mailop@mailop.org
> [mailop@mailop.org]> wrote:
>
> >> Wouldn't
Yeah, that's true. A lot take SPF as an indicator instead of a hard policy. Even
then, it'd be stupid to send a bounce to an SPF hard failed return address, so
backscatter is still limited.
Groetjes,
Louis
Op donderdag 17 oktober 2024 om 18:23, schreef Mark Milhollan via mailop
:
> On Thu, 17
> If SPF were deprecated, was would be the actual, significant effects on email
> anti-abuse processes?
* DKIM+DMARC do not verify the return address. So backscatter spamming would
get more attractive to spammers, unless every receiver implemented some form
of BATV. Which would be yet anoth
ent SPF checking anyway.
Groetjes,
Louis
Op donderdag 17 oktober 2024 om 14:16, schreef Gellner, Oliver via mailop
:
> On 17.10.2024 at 00:44 Louis via mailop [mailop@mailop.org]> wrote:
>
> > If SPF were deprecated, was would be the actual, significant effects on
> email anti
actually knowing anything
> without looking at the RFC in detail. Guess it is harder to implement than it
> seems on the surface, then.
>
>
>
> Groetjes,
> Louis
>
>
> Op zondag 13 oktober 2024 om 11:47, schreef Gellner, Oliver via mailop
> :
>
> > >
024 at 18:06 Louis via mailop > [mailop@mailop.org]> wrote:
>
> >
> >
> > > host -t txt example.com
> > > "v=spf1 redirect=_spf.example.com -all"
> > > host -t _spf.example.com
> > > "v=spf1 +all"
> >
> >
I assume you made a typo, but for the sake of clarity: mta-sts needs a TXT
record at _mta-sts. and an http server serving the policy at
https://mta-sts./.well-known/mta-sts.txt. It has nothing to do with
_smtp._tls..
Groetjes,
Louis
Op zondag 17 november 2024 om 04:19, schreef Viktor Dukhovni
Just realized you were talking about the tls reporting policy itself. Ignore me
:)
Groetjes,
Louis
Op zondag 17 november 2024 om 15:18, schreef Louis :
> I assume you made a typo, but for the sake of clarity: mta-sts needs a TXT
> record at _mta-sts. and an http server serving the policy at
>
> Do GMail have documentation on how the rest of us can do this
You just go to the settings and you can add POP3 credentials. Google will poll
for new messages every so often and transfer them. Unable to find docs, but it's
not a hard feature to use.
> how comfortable are you giving GMail your us
Hey all,
I've just got the first person forwarding mail from their old Hotmail to me, and
it appears to be a bit of a shitshow. I fully expected SRS to be used, and DMARC
to pass for most email as DKIM was kept intact, but this doesn't appear to be
the case.
* I've seen no instance of SRS being
his document recently ?
> https://www.dhs.gov/news/2024/04/02/cyber-safety-review-board-releases-report-microsoft-online-exchange-incident-summer
> [https://www.dhs.gov/news/2024/04/02/cyber-safety-review-board-releases-report-microsoft-online-exchange-incident-summer]
>
> Scott
>
>
credentials to pull messages (POP or IMAP) and to
> log in to SMTP to send messages?
>
> On 2025-01-06 18:11, Louis via mailop wrote:
> > Realistically, it's the same risk as giving the user's password to any
> > email client, right? Unless you implement a strict ASP
ison via mailop
> Now that I am in front of a keyboard I'll be a bit more expansive.
>
> On Mon, 6 Jan 2025, Louis via mailop wrote (with some re-threading):
>
> > Op maandag 6 januari 2025 om 23:32, schreef Andrew C Aitchison via mailop
> :
> >
> >> On M
Having a tooling page that we can all contribute to would be great! Assuming
there will be some moderation to prevent it from just becoming a list of adverts
:)
Groetjes,
Louis
Op dinsdag 7 januari 2025 om 10:54, schreef Simon Lyall via mailop
:
> Just catching up on this.
>
> https://www.ma
I'm not an expert on ARC, so take what I say with a grain of salt and feel free
to correct me.
As far as I know, ARC only solves this issue if the recipient trusts your ARC
signature. So it really depends on the environment if it actually will be a
solution. In most scenarios, the mailbox owner ca
You'll find this thread from a year ago interesting, I gave my insights there:
https://list.mailop.org/private/mailop/2023-November/thread.html#26357
Groetjes,
Louis
On Wednesday, December 11, 2024 5:19 PM, Scott Q. via mailop
wrote:
> It seems MS is pushing really hard for the 'NEW' Outlook
I've been getting these as well. They get DKIM signed messages and then resend
them to another recipient. Could be automatic forwarding, but they could also be
manually resending it. They do not alter the message, so DKIM passes. So, what's
the deal, you ask?
Inside the "seller's note" is a text a
Did a content block, and of course the content has now updated. I've decided I'm
just going to block PayPal emails where the to header doesn't match the RCPT TO.
If PayPal wants forwarding to work for their email, they shouldn't allow
phishing content in them.
Hope to revisit this if they ever cha
Interesting! I'm surprised they forward email that fails SPF at all. Is that
mostly a legacy thing? You don't see much legitimate email that fails SPF
nowadays.
Groetjes,
Louis
On Friday, December 13, 2024 10:01 PM, Mark Alley via mailop
wrote:
> Based on what I'm seeing in those headers, SR
oauth2-protocol
Groetjes,
Louis
Op donderdag 9 januari 2025 om 15:47, schreef Andrew C Aitchison via mailop
:
> On Tue, 7 Jan 2025, Louis via mailop wrote:
>
> > Hi Andrew,
> >
> > We seem to be talking about entirely different things. Everyone was
> > talking a
Yeah, same here. I asked the list in December but got no response, so I had
assumed either it was just known to everyone and uninteresting to answer, or
that I was somehow the only one experiencing this.
https://list.mailop.org/private/mailop/2024-December/030195.html
Groetjes,
Louis
On Mon
Because you're not selling spam filtering or reputation data, I don't think it
would be commercial use. On the sign-up page, they also state: "If you are a
non-commercial entity or a small business with low query volumes".
I guess they only really look at query volume in any case, as long as you'r
24 matches
Mail list logo
