[Mailman-Users] SPF best practices?
Stephen J. Turnbull
stephen at xemacs.org
Sun Aug 23 19:59:16 CEST 2015
Mark Sapiro writes:
> On 08/23/2015 08:13 AM, Stephen J. Turnbull wrote:
> >
> > Executive summary: if you're sure you've got all your hosts covered by
> > the SPF record, use -all as Jim P says.
>
> There is an issue with -all. SPF does not work with .forwards or other
> relaying of that nature. If you can be certain that every recipient's
> final MX is the one your server sends to, then -all is OK, but you
> can't.
True enough.
Note: If I took that argument seriously, I'd use ?all, not ~all,
though. According to RFC 4408, you shouldn't reject a message only
because of an SPF softfail, but it's not neutral, either. Mail will
be lost if you use ~all, just not as much.
> The scenario is your list member is user at example.com.
> user at example.com is set to forward all mail to example_user at yahoo.com.
Heh. This user is screwed if you use dmarc_moderation_action too.
Bottom line: Friends don't let friends use Yahoo! or AOL.
More information about the Mailman-Users
mailing list