Hi,

On 13 July 2023 23:42:15 UTC, Grant Taylor via mailop 
<mailop@mailop.org> wrote:

>I absolutely think that it's quite possible to apply SPF independently 
>nowadays.

Possible? Yes. Expected? Hard to tell... See later.

>Is it better to fail soft and slow or hard and fast?

From which point of view?

>Sure, SPF publishers make mistakes.

We all make mistakes...

>I'll argue that if I set a "-all" on my SPF record that I really honestly and 
>truly want no server other than my authorized server to send email claiming to be 
>from me.  This includes mailing lists.

I assume that you are aware of DMARC checking, as defined in RFC 7489,
thus I shorten it to only the important parts. The receiver:

1. gets MIME From: domain
2. gets DMARC policy
3. does DKIM check
4. does SPF check
5. does alignment check
6. applies policy

My understanding of that RFC is that both SPF and DKIM checks happen
as part of DMARC.

That RFC clearly states that fail ("-all") can be applied by **some**
receivers before DMARC checks. I understand that section to be
included as a note that not all receivers do DMARC checks, not
as a suggestion to do that before DMARC. Am I wrong?

My understanding is that DMARC-compliant receivers don't
do independent SPF/DKIM checks; they are done as part of
DMARC (see the diagram in the RFC). But doing these independent checks
is not exactly prohibited, which IMO is really lacking there.

Of course, where I wrote independent check, I mean applying
the result too.

>For a business selling email services, no.

Agree, but I don't put business into a separate category.

>I say this because I think that people don't /need/ to learn about / mess with 
>encryption when they are /first/ starting to learn about email servers.

Yes, starting without encryption is good. It makes debugging/learning
significantly simpler.

>I've routinely seen MSAs configured with longer time out values than MTAs.

I remember my 28.8 kbit/s modem and downloading a 50 MB MySQL
upgrade as a whole-day task ;-)

>What's the actual violation?  What fails to function from an end user's 
>standpoint?

E.g. MTAs are prohibited from modifying the message. But yes, they do it...

>For Sendmail, it's actually more complicated to run multiple instances of the 
>daemon.

I was not clear enough, these instances are not running on the same host
(container) for the same reasons as you mentioned, sorry.

regards


-- 
Slavko
https://www.slavino.sk/
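
The two receiver behaviours discussed in this message, side by side, as an added example that is not part of the original post: one receiver applies policy only after the DMARC steps listed above, the other enforces an SPF fail ("-all") on its own first. All names, the sample domains and the two-label organizational-domain shortcut are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AuthResults:
    """Constructed stand-in for results a receiver has already computed."""
    from_domain: str                 # domain of the MIME From: header
    spf_result: str                  # "pass", "fail" (-all), "softfail", "none"
    spf_domain: str                  # envelope MAIL FROM domain that SPF checked
    dkim_pass_domains: list = field(default_factory=list)  # d= of valid signatures
    dmarc_policy: str = "none"       # p= tag: "none", "quarantine" or "reject"

def org_domain(domain: str) -> str:
    # Simplification (assumption): last two labels. Real receivers use the
    # Public Suffix List to find the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str) -> bool:
    # Relaxed alignment, the DMARC default: organizational domains match.
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(r: AuthResults) -> str:
    """SPF and DKIM feed DMARC; policy applies only if neither is aligned."""
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain)
    dkim_ok = any(aligned(d, r.from_domain) for d in r.dkim_pass_domains)
    if spf_ok or dkim_ok:
        return "accept"
    return "accept" if r.dmarc_policy == "none" else r.dmarc_policy

def spf_first_disposition(r: AuthResults) -> str:
    """Receiver that applies an SPF fail independently, before DMARC."""
    if r.spf_result == "fail":
        return "reject"
    return dmarc_disposition(r)

# Constructed sample 1: plain forwarding keeps MAIL FROM, so SPF fails at the
# forwarder's IP, but the untouched message still carries a valid DKIM signature.
FORWARDED = AuthResults("example.org", "fail", "example.org",
                        ["example.org"], "reject")
# Constructed sample 2: a list rewrites MAIL FROM (SPF passes for the list's
# domain, unaligned) and modifies the body, which breaks the author's DKIM.
LIST_REWRITE = AuthResults("example.org", "pass", "lists.example.net",
                           [], "reject")

if __name__ == "__main__":
    for name, r in (("forwarded", FORWARDED), ("list", LIST_REWRITE)):
        print(name, dmarc_disposition(r), spf_first_disposition(r))
```

The forwarded sample is where the two receivers disagree: DMARC passes it on aligned DKIM, while the SPF-first receiver rejects it before DKIM is considered.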