Re: any reason not to block every Softlayer allocation?

2015-10-06 Thread Philip Prindeville
On Oct 5, 2015, at 10:57 PM, Noel Butler wrote: > On 06/10/2015 12:39, Jo Rhett wrote: > >> Sorry, let me restate: I know consequences of blocking large >> providers. I’m asking if others have found the same to be true, or if >> there is any reason to give SoftLayer benefit of the doubt? >> Onc

Re: Investigating facebook spam

2015-10-06 Thread Benny Pedersen
David B Funk wrote on 2015-10-07 01:48: On Wed, 7 Oct 2015, Benny Pedersen wrote: meta FORGED_DOMAIN ((DKIM_VALID_AU + SPF_PASS) < 2) meta SPF_FORGED (!SPF_PASS && DKIM_VALID_AU) meta DKIM_FORGED (!DKIM_VALID_AU && SPF_PASS) don't know if it works or not, so just sharing it So you are goin

Re: Investigating facebook spam

2015-10-06 Thread David B Funk
On Wed, 7 Oct 2015, Benny Pedersen wrote: David B Funk wrote on 2015-10-07 01:25: Why do you say "forwarding hosts must use their own domain as envelope sender"? so you like me to use junc.eu domain to send maillists mail to you so spf does pass ? wishful thinking I was explicitly tal

Re: Investigating facebook spam

2015-10-06 Thread David B Funk
On Wed, 7 Oct 2015, Benny Pedersen wrote: Jered Floyd wrote on 2015-10-07 01:16: I'm also really wary of rules that have scores as high as 8.0, but that's a separate (and debatable) matter. untested: meta FORGED_DOMAIN ((DKIM_VALID_AU + SPF_PASS) < 2) meta SPF_FORGED (!SPF_PASS && DKIM_VA

Re: Investigating facebook spam

2015-10-06 Thread Benny Pedersen
David B Funk wrote on 2015-10-07 01:25: Why do you say "forwarding hosts must use their own domain as envelope sender"? so you like me to use junc.eu domain to send maillists mail to you so spf does pass ? wishful thinking i am not responsible for what damage apache.org does to emails, a

Re: Investigating facebook spam

2015-10-06 Thread Benny Pedersen
Jered Floyd wrote on 2015-10-07 01:17: It's a brain dead forwarder that does that, but most forwarders are brain dead. "aliases" and ".forward" are the most common things out there. +1

Re: Investigating facebook spam

2015-10-06 Thread Benny Pedersen
Jered Floyd wrote on 2015-10-07 01:16: I'm also really wary of rules that have scores as high as 8.0, but that's a separate (and debatable) matter. untested: meta FORGED_DOMAIN ((DKIM_VALID_AU + SPF_PASS) < 2) meta SPF_FORGED (!SPF_PASS && DKIM_VALID_AU) meta DKIM_FORGED (!DKIM_VALID_AU &&

Re: Investigating facebook spam

2015-10-06 Thread David B Funk
On Wed, 7 Oct 2015, Benny Pedersen wrote: David B Funk wrote on 2015-10-06 22:33: So that explicit forward breaks the SPF chain, thus triggering that SPF fail. The valid DKIM signature indicates that the message is legit. it's a brain dead forwarder that uses the From: header so, if it used

Re: Investigating facebook spam

2015-10-06 Thread David B Funk
On Tue, 6 Oct 2015, Alex wrote: Hi, On Tue, Oct 6, 2015 at 5:05 PM, Kevin A. McGrail wrote: On 10/6/2015 5:01 PM, Jered Floyd wrote: Ah; good eyes! That KAM_FACEBOOK rule is dangerous. The behavior of forwarding content which effectively is the same as a forgery is where the danger l

Re: Investigating facebook spam

2015-10-06 Thread Jered Floyd
It's a brain dead forwarder that does that, but most forwarders are brain dead. "aliases" and ".forward" are the most common things out there. --Jered - On Oct 6, 2015, at 7:06 PM, Benny Pedersen m...@junc.eu wrote: > David B Funk wrote on 2015-10-06 22:33: > >> So that explicit forward

Re: Investigating facebook spam

2015-10-06 Thread Jered Floyd
>> Can we temper this rule with a check to see if the mail indeed did pass >> through >> a fb server? You're checking the From: header, which can obviously be easily >> spoofed, but perhaps if it originated from a facebook server? This would be of limited value. As an MTA, you can only believe th

Re: Investigating facebook spam

2015-10-06 Thread Benny Pedersen
Alex wrote on 2015-10-07 00:42: Can we temper this rule with a check to see if the mail indeed did pass through a fb server? You're checking the From: header, which can obviously be easily spoofed, but perhaps if it originated from a facebook server? if DKIM pass, it's not tampered

Re: Investigating facebook spam

2015-10-06 Thread Benny Pedersen
David B Funk wrote on 2015-10-06 22:33: So that explicit forward breaks the SPF chain, thus triggering that SPF fail. The valid DKIM signature indicates that the message is legit. it's a brain dead forwarder that uses the From: header so, if it used the envelope sender it would not break spf,

Re: Investigating facebook spam

2015-10-06 Thread Alex
Hi, On Tue, Oct 6, 2015 at 5:05 PM, Kevin A. McGrail wrote: > On 10/6/2015 5:01 PM, Jered Floyd wrote: > > Ah; good eyes! > > That KAM_FACEBOOK rule is dangerous. > > The behavior of forwarding content which effectively is the same as a > forgery is where the danger lies... If this is behavior t

Re: Investigating facebook spam

2015-10-06 Thread Jered Floyd
Forwarding email loses a great deal of sender information and thus harms spam mitigation, but getting users to never do it will be difficult. There are too many things that require you to have (for example) a Google account with automatic GMail address that seems to leak out despite attempts to

Re: Investigating facebook spam

2015-10-06 Thread Kevin A. McGrail
On 10/6/2015 5:01 PM, Jered Floyd wrote: Ah; good eyes! That KAM_FACEBOOK rule is dangerous. The behavior of forwarding content which effectively is the same as a forgery is where the danger lies... If this is behavior that users are performing, of course then there needs to be appropriate rea

Re: Investigating facebook spam

2015-10-06 Thread Alex
Hi, >> I've received a handful of messages that appear to be facebook >> notifications, but fail SPF. They otherwise look completely legit - >> links to profiles, only URLs to facebook.com and CDN caching sites, >> and even appears to have been routed through facebook's outgoing mail. >> >> All of

Re: Investigating facebook spam

2015-10-06 Thread Jered Floyd
Ah; good eyes! That KAM_FACEBOOK rule is dangerous. --Jered - On Oct 6, 2015, at 4:33 PM, David B Funk dbf...@engineering.uiowa.edu wrote: > On Tue, 6 Oct 2015, Alex wrote: > >> Hi, >> >> I've received a handful of messages that appear to be facebook >> notifications, but fail SPF. They

Re: Investigating facebook spam

2015-10-06 Thread David B Funk
On Tue, 6 Oct 2015, Alex wrote: Hi, I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and even appears to have been routed through facebook's outg

Re: Investigating facebook spam

2015-10-06 Thread Jered Floyd
Are you operating a backup MX at the cox.net address? If messages are delayed and retried to your backup MX, this would explain the SPF failures. --Jered - On Oct 6, 2015, at 1:38 PM, Alex mysqlstud...@gmail.com wrote: > Hi, > > I've received a handful of messages that appear to be faceb

Re: Investigating facebook spam

2015-10-06 Thread Reindl Harald
On 06.10.2015 at 19:45, Joe Quinn wrote: On 10/6/2015 1:38 PM, Alex wrote: Hi, I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and even appea

Re: Investigating facebook spam

2015-10-06 Thread Reindl Harald
On 06.10.2015 at 19:44, Reindl Harald wrote: On 06.10.2015 at 19:38, Alex wrote: I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and even appe

Re: Investigating facebook spam

2015-10-06 Thread Alex
Hi, >> I've received a handful of messages that appear to be facebook >> notifications, but fail SPF. They otherwise look completely legit - >> links to profiles, only URLs to facebook.com and CDN caching sites, >> and even appears to have been routed through facebook's outgoing mail. >> >> All of

Re: Investigating facebook spam

2015-10-06 Thread Joe Quinn
On 10/6/2015 1:38 PM, Alex wrote: Hi, I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and even appears to have been routed through facebook's out

Re: Investigating facebook spam

2015-10-06 Thread Reindl Harald
On 06.10.2015 at 19:38, Alex wrote: I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and even appears to have been routed through facebook's out

Investigating facebook spam

2015-10-06 Thread Alex
Hi, I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and even appears to have been routed through facebook's outgoing mail. All of that could be fa

Re: any reason not to block every Softlayer allocation?

2015-10-06 Thread Gibbs, David
On 10/5/2015 9:33 PM, Jo Rhett wrote: Looking at my spam block statistics, not a single IP I’ve reported to SoftLayer over the last two years has been shut down. Is there any reason I shouldn’t just block all their allocations and save myself some effort? Maybe just add a rule to increase the s

Re: any reason not to block every Softlayer allocation?

2015-10-06 Thread Matthias Leisi
> On 06.10.2015 at 04:33, Jo Rhett wrote: > > Looking at my spam block statistics, not a single IP I’ve reported to > SoftLayer over the last two years has been shut down. Is there any reason I > shouldn’t just block all their allocations and save myself some effort? If there are any not yet