On 7/17/23 6:07 PM, Reindl Harald wrote:
because we have 2023 and in the last decade everybod with a brain was
using spf and sender-spoofing-rejection fro envelopes
I wish that was the case.
There was a recommendation on mailop less than a week ago that people
only set up SPF records to appease Google and the person recommending
this actively discouraged doing any filtering on SPF.
IMHO there are too many people not utilizing SPF /
sender-spoofing-rejection for envelopes.
we can agree that fools are doing foolish things
Can we agree that Google states that DKIM is sufficient to send email to
them?
and? this idiotic nitpicking leads nowhere and in the real world SPF is
way easier to setup and maintain
I've seen too many people nay saying / lamenting / poo pooing SPF.
People on mailing lists like mailop / and various IETF mailing lists.
In the last month, of 2023, I've seen multiple people suggest:
- that SPF should not be done
- that you should publish a record but not filter on SPF
- to publish questionable / soft SPF records; "~all" / "?all", or
$DEITY forbid "+all"
- ignore the result of the SPF test and filter on something else
but that's not the topic
the topic is you pretend mailing lists are using subsribers
envelope-from in 2023
I'm not pretending. I have seen mailing lists in the last year send
messages using subscribers email address in the RFC5321.MailFrom
envelope address. - I don't have any examples handy.
oh - they have been changed - guess why!
I know why the ones that have changed have done so. But there are still
a small number that haven't yet changed.
the topic is you pretend mailing lists are using subsribers
envelope-from in 2023
Believe me or don't. I still see a small number of mailing lists
sending messages with subscribers addresses as the RFC5321.MailFrom in 2023.
These types of messages will be filtered by the recommendation to reject
any local recipient address as the RFC5321.MailFrom envelope address
mentioned earlier in thread.
for a mail you send today it's irrelevant what was state of play in 2010
I'm talking about 2023, not 2010.
I don't remember which thread on which mailing list, but within the last
week I saw multiple people saying that services doing forwarding should
not rewrite sender addresses and that it was the downstream recipient's
system's fault for rejecting the message for -- what they considered to
be -- silly things like SPF failure.
Yes, it is 2023 and yes there are people / mailing lists / MTAs /
organizations trying -- and largely failing -- to re-send messages using
the inbound RFC5321.MailFrom envelope address.
I say this so that people can make an informed decision. Despite all
the recommendations to the contrary, people still run with scissors in
hand and run at the pool. Very bad ideas still happen.
Grant. . . .
