Re: [mailop] Microsoft Office365 not rejecting emails when instructed so by SPF recored?
On Fri, 26 May 2023, Scott Mutter via mailop wrote: If you ask me - a better solution would be to do away with forwarding completely and incorporate POP checks, like Gmail does. This alleviates all of the issues with forwarding mail in relation to SPF and DKIM. What happens when I send a letter to you at your previous employers address ? Do they write your new employer's address on the envelope and put it in the outgoing mail ? Or do they give you a key so that you can check your pigeon-hole out of hours (since you cannot go in in working hours) ? If you are a university researcher, your published papers probably show your institutional email address, so there is likely to be mail you want as well as all the spam, and young researchers do move around to gain experience. Sadly the current solution appears to be to use your gmail address, which is OK unless someone does to Google what Musk did to Twitter ... -- Andrew C. Aitchison Kendal, UK and...@aitchison.me.uk ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft Office365 not rejecting emails when instructed so by SPF recored?
Dnia 26.05.2023 o godz. 13:16:39 Scott Mutter via mailop pisze: > If you ask me - a better solution would be to do away with forwarding > completely and incorporate POP checks, like Gmail does. This alleviates > all of the issues with forwarding mail in relation to SPF and DKIM. No, because you are replacing a service that operates on a "push" principle - which is the very basis of email - by a service that operates on a "pull" principle. You don't need any active action on your part to receive email someone sends you, even if it is forwarded. On the contrary, you *do* require constant active checking of the POP account you want to download mail from. If you stop checking, you won't get the mail. If you change the password on your POP account, you need to change it also on the downloading side etc. - a lot of actual inconveniences. With that way of thinking, you can get rid of email completely, and just regularly check some website where people can write messages for you... And, taking into account that POP is quite outdated, many sites don't implement it anymore and offer IMAP only. So downloading via POP won't work anyway. > If forwarding mail is so important, can a better system > for handling forwarded mail be developed? Since forwarding was before SPF, I would trun this question the other way: if checking the "legitimacy" of the sending server is so important, can a better system for handling this (that takes mail forwarding into account) be developed? Myself, I don't think that SPF and other methods of checking "authenticity" of the email are so important at all. Normal, unsigned email is an *untrusted* method of communication *by definition*. If you want email to be "authenticated", you should end-to-end sign it with your PGP or PKI private key when sending. Period. I don't check SPF, DKIM or DMARC on incoming mail at all. Content checking and blacklist checking is much more important in actual spam prevention than doubtful "authenticity" checking. That's of course my opinion, you can have a different one. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft Office365 not rejecting emails when instructed so by SPF recored?
Jaroslaw Rafa via mailop writes: > Dnia 26.05.2023 o godz. 13:16:39 Scott Mutter via mailop pisze: >> If you ask me - a better solution would be to do away with forwarding >> completely and incorporate POP checks, like Gmail does. This alleviates >> all of the issues with forwarding mail in relation to SPF and DKIM. > > No, because you are replacing a service that operates on a "push" principle > - which is the very basis of email - by a service that operates on a "pull" > principle. > > You don't need any active action on your part to receive email someone sends > you, even if it is forwarded. > On the contrary, you *do* require constant active checking of the POP > account you want to download mail from. If you stop checking, you won't get > the mail. If you change the password on your POP account, you need to change > it also on the downloading side etc. - a lot of actual inconveniences. > > With that way of thinking, you can get rid of email completely, and just > regularly check some website where people can write messages for you... > > And, taking into account that POP is quite outdated, many sites don't > implement it anymore and offer IMAP only. So downloading via POP won't work > anyway. > >> If forwarding mail is so important, can a better system >> for handling forwarded mail be developed? > > Since forwarding was before SPF, I would trun this question the other way: > if checking the "legitimacy" of the sending server is so important, can a > better system for handling this (that takes mail forwarding into account) be > developed? > > Myself, I don't think that SPF and other methods of checking "authenticity" > of the email are so important at all. Normal, unsigned email is an > *untrusted* method of communication *by definition*. If you want email to > be "authenticated", you should end-to-end sign it with your PGP or PKI > private key when sending. Period. > > I don't check SPF, DKIM or DMARC on incoming mail at all. Content checking > and blacklist checking is much more important in actual spam prevention than > doubtful "authenticity" checking. That's of course my opinion, you can have > a different one. Hellow Jaroslaw! Whooa, you have good insight and view. I do agree with you, and thanks! Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))// ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] push and pull, Microsoft Office365 not rejecting emails when instructed so by SPF recored?
It appears that Jaroslaw Rafa via mailop said: >With that way of thinking, you can get rid of email completely, and just >regularly check some website where people can write messages for you... Dan Bernstein, who wrote qmail when he probably should have been thinking about cryptography, had an idea for a reworked mail system along these lines: https://cr.yp.to/im2000.html You can tell from its name how long ago it was, and from the fact that you never heard of it before how successful it was. R's, John ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] push and pull, Microsoft Office365 not rejecting emails when instructed so by SPF recored?
Dnia 27.05.2023 o godz. 13:43:08 John Levine via mailop pisze: > Dan Bernstein, who wrote qmail when he probably should have been thinking > about > cryptography, had an idea for a reworked mail system along these lines: > > https://cr.yp.to/im2000.html > > You can tell from its name how long ago it was, and from the fact that you > never heard of it before how successful it was. Ah, the infamous Internet Mail 2000... Actually, I *did* hear about it before. Never heard of someone trying to actually implement even a working prototype, however. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft Office365 not rejecting emails when instructed so by SPF record?
On 2023-05-26 at 13:16 -0500, Scott Mutter via mailop wrote: > If you ask me - a better solution would be to do away with forwarding > completely and incorporate POP checks, like Gmail does. This > alleviates all of the issues with forwarding mail in relation to SPF > and DKIM. > > But I know that stance is wildly unpopular since it breaks the "it > used to work that way" narrative. But at some point you add so much > to a system that it becomes so bloated and overloaded that nothing > can be accomplished. The more simple a system is the more efficient > it is going to be. Outside of external mail server forwarders, a > properly constructed SPF record can go a long, long way towards > alleviating the spam problem. How much is it worth to keep external > forwarders working at the cost of spam prevention? If forwarding > mail is so important, can a better system for handling forwarded mail > be developed? I'm just not sure if the answer is to continue to add > systems and directives to email to solve all of this. There is a very simple solution, which is to let the user configure in the receiving system: "I will be forwarding emails to this account from ", or "from " (automatically using the spf and/or dkim of that domain). If you are forwarding, the forwarding server is part of your email infrastructure, it is to be trusted. It makes no sense to check SPF on the IP of the MTA you have configured should be forwarding to . Such server would then be in a privileged position to impersonate other servers, but so could it do already through the forwarded account (one might want to require as well a header such as Delivered-to: showing it went through the forwarded mailbox, to avoid granting extra rights to other users with a mailbox on the forwarder). So why isn't this used? Basically, lack of implementation at the receiver side. If you run your own receiver MTA it's trivial to do, but if the receiver account is run by a third-party you usually have no option to configure that, which is exactly what would be needed. Regards ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
