Am 23.08.2017 um 21:58 schrieb John Miller:
Finally, be _very_ careful about using the SPF qualifier "-all" to
start out with. What you're saying there is that the only server
authorized to _send_ mail for X.TLD is the one listed in the MX.
Unless people are always logging directly into the mail server to
send, you're better off with "~all" or "?all" to begin with
for the sake of god don't use "?all"
in that case you can skip SPF completly
why?
because a receiver can't use whitelist based on SPF because
whitelist_auth in SpamAssassin just skip a "i do not care about SPF"
record while "~all" qualifies for SPF_PASS and whitelisting while the
scoring of a SPF_SOFT_FAIL is much lower than SPF_FAIL
"?all" is the same as not have a SPF record at all in reality
and in 2017 people *have* to use the submission server which belongs to
a domain and not any random one while any random one should not allow to
send mail with a foreign envelope to start with - all that crap sevrers
shoukd be banned from the internet and spamfiltering would become so
much easier
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
