> On Dec 21, 2025, at 11:48 AM, Alessandro Vesely <[email protected]> wrote: > > On Sun 21/Dec/2025 20:22:56 +0100 tale via bind-users wrote: >> On Wed 03/Dec/2025 04:04:17 +0100 tale via bind-users wrote: >>> On Tue, Dec 2, 2025 at 5:26 AM Dan Mahoney <[email protected]> wrote:
>> Please stop. If your messages are getting through (no matter that, at this point, the headers are already way more bloated than the message body), then things are working as intended. If you're getting blowback messages to your RUA/RUF addresses, that is a datapoint, and is part of the experience. You will never not get those because forwarding is still a thing and there are still broken clients and always will be. If you can point me at an actual problem, instead of just telling me how to run our infrastructure, I invite you to contact me privately, and stop wasting the time of the people who are here to discuss the actual DNS software or protocols that this list is for. If your messages are being discarded, then maybe you're seeing some of the inherent flaws in a system that was built while ignoring one of the most common use cases out there at the time. (It's this. You're using it right now.) SPF (with both TXT records, and SPF records) were flawed. SenderID (which built on SPF) was flawed. Domainkeys were flawed. ADSP was flawed. DKIM was flawed. DMARC remains flawed, and ARC has the "okay, people can arc-seal things but how do we know we can trust that ARC seal?". Well, we're a non-profit that runs critical internet infrastructure since before Gmail was in beta (did it ever come out of beta?). If you can't trust us, don't use our mailing lists, or our software. And no matter what, scamming people is a billion dollar industry because the MUA's, by default, still hide the fact that you have a FROM line like: From: "Company President" <[email protected]> Subject: I need you to buy gift cards as a treat for the company. ...and disable any critical thinking in the recipient because they just display [Your Boss] At this point, most people doing DMARC/DKIM are doing it so they can deliver to Gmail and o365, who still are black boxes that break regularly -- and I know there are some names on this list that I also see on the relevant lists related to running mail servers, that are witnessing it first-hand. -Dan -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
