> On 21 Aug 2023, at 10:08, Laurent S. via mailop <mailop@mailop.org> wrote: > > > On 21.08.23 10:26, Laura Atkins via mailop wrote: > >> This recommendation doesn’t make sense. For companies that actually >> reject due to SPF, they’re most likely going to do it after MAIL FROM: >> At this point in the transaction, they don’t know what the DMARC domain >> is. They can look up DMARC for the domain in the MAIL FROM: but that may >> or may not be connected to the actual domain in the 5322.from. >> >> I mean, I think it’s a bad idea to reject for SPF failures, but for >> folks who do I can’t imagine they want to see the full content of the >> message before just throwing it away. That seems wasteful. >> >> laura >> > > > Exactly. Also, I don't think that all the scenario where a legitimate > mails gets a SPF failure (due to forward/relay for instance) a DKIM will > still be good. If they don't care about breaking SPF, I guess they don't > care about breaking DKIM either. Avoiding to break SPF isn't rocket science.
I think you misunderstood me. There are lots of straight forwarding situations where SPF is broken, but DKIM is intact. I think it’s a poor operational decision to block on SPF failure, but I also think it’s a poor operational decision to SPF -all. But this is all chickens coming home to roost where folks are rejecting wanted mail due to SPF failures. I think it says something that we’re almost 20 years into SPF being a thing, and it’s just now where it’s causing consequences. Does that mean no one has been enforcing it right? Or we’re just now noticing? Or something else completely. > We reject on SPF hard failure (-all) after RCPT TO, in order to still > let our users welcome list repeat offenders. For this, the sender host > (or ip) must have been provided. This works great with mailing-lists and > forwards for instance. How do your users know to welcome list if the mail is rejected before it gets to the user? Do you notify them you rejected mail being sent to them or something? laura -- The Delivery Expert Laura Atkins Word to the Wise la...@wordtothewise.com Delivery hints and commentary: http://wordtothewise.com/blog
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
