In article <3423731.dTAWf75mkY@linux-9daj> you write: >today i got mail including this: > ><jab...@hopcount.ca>: host aspmx.l.google.com[2607:f8b0:400e:c08::1b] said: > 550-5.7.26 This message does not have authentication information or fails > to 550-5.7.26 pass authentication checks. To best protect our users from > spam, the 550-5.7.26 message has been blocked. Please visit 550-5.7.26 > https://support.google.com/mail/answer/81126#authentication for more 550 > 5.7.26 information. l73si7852706pfd.109 - gsmtp (in reply to end of DATA > command) > >this is because i had no SPF record in my domain's TXT RRset. ...
Sort of. Google only accepts mail over IPv6 that validates either with SPF or DKIM. You can send them mail over IPv4 same as always. I am not a big fan of SPF so I sign my mail with DKIM. >i briefly considered adding such a record until i found that only one TXT >string is permitted, so TXT "v=spf1 mx" not TXT (v=spf1 mx) in the zone file. Nope. You can have as many strings as you want. They're treated as though they were one catenated string. This is a concession to provisioning crudware that doesn't handle multi-string TXT records very well. (Those I agree are often ignorant.) >i guess i'll just add one with "v=spf1 +all" to shut google up? It is rarely a good idea to assume that the people to whom you are sending your mail are stupid. Your SPF of "mx ~all" is fine. >so many ignorant and poor judgements shaping this future. You can certainly disagree with Google's choices here, but they had their reasons and it's not because they're ignorant. What is convenient for those of us with individual or SME mail systems doesn't scale very well to systems that have to defend against billions of spam messages every day. _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations