On Sun 19/Jun/2022 11:32:14 +0200 Jaroslaw Rafa wrote:
On 19.06.2022 at 08:40:18 Noel Butler via mailop wrote:

I was a very early (even in testing) user of SPF. It's rather comical
reading these FUD sayers about SPF and mailing lists, it has never been a
problem with mailing lists, not using mailman nor its more common
predecessor majordomo, and I've never noticed anything wrong with qmail
users ezmlm.

While SPF *alone* is no problem with mailing lists - I agree with you - then
SPF used with DMARC (and that was what I had in mind, maybe I was not
precise enough) indeed *is*, as you surely know, SPF with DMARC
effectively requires not only that SPF itself passes, but envelope-from and
header-from are identical (or at least point to the same domain). This has
been discussed here multiple times. So mailing list would have to rewrite
the header-from of the messages, which indeed some mailing lists do (e.g.
Google Groups), but I consider this being more a problem than a solution.


I don't see what's the problem in rewriting. I cannot send you a faked message pretending to be from the mailing list, and that's good. Yes, this could be done using DKIM alone, but then filtering software wouldn't know which signatures were relevant. Tying authenticity to the From: domain did the deed.

Mailing lists can operate minimal changes, like this list does, for example. I received your message with "From: Jaroslaw Rafa <r...@rafa.eu.org>" after my filter verified that your DKIM signature still validates upon undoing their changes.

Other mailing lists work like web fora.


As for forwarding, SPF is only a problem if you don't follow standards and
re-write.

Hm... as far as I know, the most obvious (and being *de facto standard* -
regardless of not being formalized anywhere) method of forwarding, which is
the use of .forward file (or equivalent methods, like /etc/aliases), does
not rewrite anything. Blaming users for using what they have available, and
using it as designed, does not make much sense.


So you'd keep on trying to forward blindly to u...@example.com even after user withdrew his account at example.com and example.com itself dropped the domain name? Or else you change the bounce address to someone who can amend that dot-forward file.


Plus, use of SPF with DMARC - even with rewriting - causes the same problem
as with mailing lists.


Yes, you have to rewrite From: as well, if you alter the message.


Of course, you don't have to publish a DMARC record. But then, Google won't
like your mail...


Neither do you have to publish MX...


Best
Ale
--





_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
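
Added example, not part of the original message or of any project's code: a simplified DMARC evaluation (aligned SPF pass or aligned DKIM pass, per RFC 7489) run over the delivery paths argued about in this thread. The domains, the scenario results and the two-label `org_domain` shortcut are assumptions made for illustration; real evaluators use the Public Suffix List.

```python
# Added illustration: DMARC identifier alignment, simplified.
# All domains and authentication results below are constructed sample data.

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Real evaluators consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    # Strict mode needs an exact match; relaxed compares organizational domains.
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_pass(from_domain, spf, dkim, strict=False):
    """spf: (result, envelope-from domain); dkim: list of (result, d= domain)."""
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, strict)
    dkim_ok = any(r == "pass" and aligned(d, from_domain, strict) for r, d in dkim)
    return spf_ok or dkim_ok

# name: (header From: domain, SPF result, DKIM results)
SCENARIOS = {
    # Direct delivery: envelope-from and From: share an organizational domain.
    "direct": ("author.example", ("pass", "bounces.author.example"), []),
    # List keeps From:, uses its own bounce address, and its edits break DKIM.
    "list_keeps_from": ("author.example", ("pass", "list.example"),
                        [("fail", "author.example")]),
    # List rewrites From: to its own domain.
    "list_rewrites_from": ("list.example", ("pass", "list.example"), []),
    # List makes minimal changes; the author's DKIM signature still verifies.
    "list_minimal_changes": ("author.example", ("pass", "list.example"),
                             [("pass", "author.example")]),
    # .forward without rewriting: forwarder's IP is not in the author's SPF.
    "dot_forward_no_dkim": ("author.example", ("fail", "author.example"), []),
}

def evaluate_all(strict=False):
    return {name: dmarc_pass(f, spf, dkim, strict)
            for name, (f, spf, dkim) in SCENARIOS.items()}

if __name__ == "__main__":
    for name, ok in evaluate_all().items():
        print(f"{name:22} DMARC {'pass' if ok else 'fail'}")
```

In `list_keeps_from`, SPF itself passes for the list's bounce domain, yet DMARC fails because that domain does not align with the From: domain and the only aligned DKIM signature no longer verifies.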