Brandon Long via mailop skrev den 2023-07-11 18:50:
I assumed most people had already tuned their systems to ignore +all or overly broad IP ranges, spammers abused that like a decade ago.
so why did gmail.com add 300000+ ipv4 when it could be simple as +all ? :)
i did not count ipv6 on gmail.com
I feel like we even discussed it here, including having to exempt Apple who had their entire class A listed at one point (they no longer do).
we could hope for less ip space allowed in spf with is imho the real thing to solve, sadly +all and losts of valid ips is also valid, eg ip4:0.0.0.0/0 -all is complete nonsens, but valid in spf
if spf should solve this nonsense its needs to calc how many ips is listed in total, i would if over 256 ips consider domain as +all and in spamassassin untrust it as a spamming domain
Saying anyone can send mail as your domain is saying you don't care about who abuses your domain... or you're protesting against modern email and pining for the old days.
we could start using uucp and usenet again :)
And agreed, it doesn't solve the mailing list DMARC problem because the spf is done against the envelope sender which will be the bounce address for the mailing list, and that won't align with the from header domain.
there is no dmarc problem if we ask maillist owners, mailman solve it all :)
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop