[mailop] SPF: Does include: a host without TXT entry invalidate the whole SPF entry?

2023-06-06 Thread Benoit Panizzon via mailop
Hi List

One more technical question after some discussion with one of our
customers.

Sender has SPF entry:

"v=spf1 ip4:10.1.2.0/25 include:_spf.example.com -all"

_spf.example.com either has no txt entry or just does not exist.

So from my point of view, the SPF entry is still valid as it has at
least one valid element which designates an ip range which sending is
permitted.

My customer claims an invalid include: renders the whole entry invalid
causing some service provider to classify such emails as spam.

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G - Head of Commerce Customers
Zurlindenstrasse 29, CH-4133 Pratteln, Switzerland
Tel +41 61 826 93 00, Fax +41 61 826 93 01
Web http://www.imp.ch
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] When Will Outlook Rollout SRS for All of Their Email Servers? (For the sake of bimi)

2023-06-06 Thread John Levine via mailop
It appears that Al Iverson via mailop  said:
>How long until Google, Yahoo, others stop accepting that forwarded
>mail from Microsoft, is another way to frame that.

The problem is that you can't tell it's forwarded, since it comes
from the same servers that sent real mail for the forged domains.

R's,
John


Re: [mailop] When Will Outlook Rollout SRS for All of Their Email Servers? (For the sake of bimi)

2023-06-06 Thread Benny Pedersen via mailop

John Levine via mailop wrote on 2023-06-06 11:45:

> It appears that Al Iverson via mailop said:
>
>> How long until Google, Yahoo, others stop accepting that forwarded
>> mail from Microsoft, is another way to frame that.
>
> The problem is that you can't tell it's forwarded, since it comes
> from the same servers that sent real mail for the forged domains.


dkim is not your friend ? :=)

if not dkim signed and freemail ?, what's next ?



Re: [mailop] When Will Outlook Rollout SRS for All of Their Email Servers? (For the sake of bimi)

2023-06-06 Thread Mark Alley via mailop
Update on this - it appears that Google will now be restricting BIMI
display to specifically DKIM authenticated mail.

Link below, see the update on the article.

https://www.scmagazine.com/news/email-security/gmail-spoofing-google-priority-1-probe

"This issue stems from a third-party security vulnerability allowing bad
actors to appear more trustworthy than they are. To keep users safe, we are
requiring senders to use the more robust DomainKeys Identified Mail (DKIM)
authentication standard to qualify for Brand Indicators for Message
Identification (blue checkmark) status."


On Mon, Jun 5, 2023, 7:17 PM Mark Alley  wrote:

> Last time it was reported to Microsoft, IIRC the individual got the
> response, "it's working as expected" as to the vulnerability that allows
> aligned SPF mail to be forwarded without SRS from any tenant.
>
> Realistically, DMARC and BIMI are working as expected in this scenario.
> Email was (re)sent from an (at the time) authorized IP address and an
> aligned RFC5321.mailfrom header for ups.com. The fault lies partly with
> UPS for keeping the include for Exchange Online in their Hosted SPF macro
> (unnecessary because they don't send directly from O365), and partly with
> Microsoft for allowing and enabling this forwarding vulnerability to exist.
>
> O365 customers can mitigate this by ensuring they sign DKIM and remove the
> O365 include where feasible (only possible if O365 is not a domain's last
> hop), or by signing DKIM and making the O365 include a SPF neutral
> disposition.
>
> The former is the easiest and least impactful, assuming one meets that
> criteria; The latter - it's a dirty fix - but current reality is anyone
> that uses O365 relying on their SPF include will be vulnerable to this
> until Microsoft fixes the root cause.
> - Mark Alley
>
>
>
> On 6/5/2023 6:06 PM, Al Iverson via mailop wrote:
>
> How long until Google, Yahoo, others stop accepting that forwarded
> mail from Microsoft, is another way to frame that.
>
> Good to see it getting some attention. I'll be curious to see who
> addresses it and how.
>
> Cheers,
> Al Iverson
>
> On Mon, Jun 5, 2023 at 3:01 PM Alex Liu via mailop wrote:
>
>
> Looks like the bad guys are exploiting Outlook's forwarding feature to bypass
> BIMI.
> https://twitter.com/chrisplummer/status/1664075886545575941
>
> We reported this issue in April:
> https://www.sysnet.ucsd.edu/~voelker/pubs/forwarding-eurosp23.pdf
>
> --
> Regards,
> Enze "Alex" Liu
> PhD Student
> Department of Computer Science and Engineering
> e7...@eng.ucsd.edu
> University of California, San Diego


Re: [mailop] SPF: Does include: a host without TXT entry invalidate the whole SPF entry?

2023-06-06 Thread Mark Alley via mailop
https://datatracker.ietf.org/doc/html/rfc7208#section-5.2

See the table at the bottom of the section regarding recursive check_host()
evaluation.

In this case, the recursive check_host() function returned "none" as a
result from the include mechanism, and therefore according to the table,
the parent check_host() function returns permerror as a result.

So your customer is correct.

-Mark Alley

On Tue, Jun 6, 2023, 2:42 AM Benoit Panizzon via mailop 
wrote:

> Hi List
>
> One more technical question after some discussion with one of our
> customers.
>
> Sender has SPF entry:
>
> "v=spf1 ip4:10.1.2.0/25 include:_spf.example.com -all"
>
> _spf.example.com either has no txt entry or just does not exist.
>
> So from my point of view, the SPF entry is still valid as it has at
> least one valid element which designates an ip range which sending is
> permitted.
>
> My customer claims an invalid include: renders the whole entry invalid
> causing some service provider to classify such emails as spam.
>
> Kind regards
>
> -Benoît Panizzon-
> --
> I m p r o W a r e   A G - Head of Commerce Customers
> Zurlindenstrasse 29, CH-4133 Pratteln, Switzerland
> Tel +41 61 826 93 00, Fax +41 61 826 93 01
> Web http://www.imp.ch
>
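
The include: evaluation described in this message, as an added example that is not part of the original post or of any SPF library: a simplified Python sketch of RFC 7208 check_host() limited to ip4, include and all, with a constructed TXT table in place of DNS and the hypothetical domain sender.example carrying the record from the thread. Because mechanisms are evaluated left to right, an address inside 10.1.2.0/25 matches ip4 before the include is ever reached, while any other address reaches the include and gets permerror instead of the fail that -all would give.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (assumption: sender.example is a
# hypothetical sender domain); _spf.example.com is deliberately absent.
TXT = {
    "sender.example": "v=spf1 ip4:10.1.2.0/25 include:_spf.example.com -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, txt=TXT):
    """Simplified RFC 7208 check_host(): ip4, include and all only."""
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                      # no SPF record published
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:        # mechanisms, evaluated left to right
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_host(ip, arg, txt)
            # Section 5.2 table: temperror and permerror propagate, and "none"
            # from the included domain becomes permerror in the parent.
            if inner == "temperror":
                return "temperror"
            if inner in ("permerror", "none"):
                return "permerror"
            matched = inner == "pass"      # fail/softfail/neutral: no match
        else:
            return "permerror"             # mechanism outside this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all"


if __name__ == "__main__":
    for ip in ("10.1.2.5", "192.0.2.1"):
        print(ip, check_host(ip, "sender.example"))
```
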


Re: [mailop] Problems with Proofpoint?

2023-06-06 Thread Eoin Finn via mailop
Hi All,

Is anyone else seeing this resurfacing?

We've seen a large number of 421 Deferred - see
https://ipcheck.proofpoint.com/?ip=

What's odd is, it's affecting some of our best senders with very good list
hygiene and great engagement, open, click and reply rates, very few
bounces, little spam complaint/unsub rates, pretty strong data sourcing
techniques, verifiable opt-in etc.
My colleague has reached out on a few occasions but we haven't got any true
answers that help us identify the root of the issue, it seems to be
affecting a variety of customers good, bad and great.

@Andrew - Do you remember what the resolution for your issue was?

Kind regards,

*Eoin Finn*
HubSpot 
Senior Deliverability Ops