Re: [mailop] SPF: Does include: a host without TXT entry invalidate the whole SPF entry?

2023-06-09 Thread Gellner, Oliver via mailop 

> On 09.06.2023 at 09:36 Alessandro Vesely via mailop wrote:
>
> RFC 6652 provides for setting ra= and rr= tags, which are themselves flagged 
> as errors by most SPF checking sites...

Does someone use those SPF tags or has any practical experience with them and 
ever received some reports? Or do those tags only exist in theory, like ruf in 
DMARC records?

—
BR Oliver


dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SPF: Does include: a host without TXT entry invalidate the whole SPF entry?

2023-06-09 Thread Slavko via mailop 
Dňa 9. júna 2023 16:07:28 UTC používateľ Andrew C Aitchison via mailop 
 napísal:

>I asked one of the checker websites about that and recieved the reply:
>  RFC6652 is a proposed standard from 2012, but was replaced by DMARC in 2015.
>  DMARC reports on both SPF and DKIM.

But that is their point of view, as RFC 6652 doesn't seem to
be marked as obsolete or so...

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from Cox on the list that can help me out?

2023-06-09 Thread Scott Undercofler via mailop 
Replied off list. 

> On Jun 9, 2023, at 8:21 AM, Michael E. Weisel via mailop  
> wrote:
> 
> Hi fellow Mailopers, I hope everyone had a great week.  I was wondering if 
> there was anyone on the list from the Cox Postmaster team that may be able to 
> contact me off list?  I’m trying to help one of our clients who had a sudden 
> block on Monday/Tuesday, but I haven’t gotten a response back from 
> unblock.requ...@cox.net .  Thank you in 
> advance for the help.
>  
>  
>  
> Thanks,
>  
> Michael
>  
> Michael E. Weisel
> CTO / Deliverability Lead
> Gold Lasso
> (301) 990-9857 Corporate
> (240) 813-0174 Direct Dial
>  
> ___
> mailop mailing list
> mailop@mailop.org 
> https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SPF: Does include: a host without TXT entry invalidate the whole SPF entry?

2023-06-09 Thread Andrew C Aitchison via mailop 


On Fri, 9 Jun 2023, Alessandro Vesely via mailop wrote:


On Fri 09/Jun/2023 07:37:06 +0200 Benoît Panizzon via mailop wrote:


If you don't care enough to publish a valid SPF record, why should we 
think you care whether we deliver your mail?


The customer in question used an ESP to send marketing emails. That ESP 
told him what host to include in his SPF record.


Probably some years later, that ESP changed domain and that include became 
invalid.



Anyone took care to alert them about that error?

RFC 6652 provides for setting ra= and rr= tags, which are themselves flagged 
as errors by most SPF checking sites...


I asked one of the checker websites about that and recieved the reply:
  RFC6652 is a proposed standard from 2012, but was replaced by DMARC in 2015.
  DMARC reports on both SPF and DKIM.

Benoît, does the domain in question receive DMARC reports ?

--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Anyone from Cox on the list that can help me out?

2023-06-09 Thread Michael E. Weisel via mailop 
Hi fellow Mailopers, I hope everyone had a great week.  I was wondering if 
there was anyone on the list from the Cox Postmaster team that may be able to 
contact me off list?  I’m trying to help one of our clients who had a sudden 
block on Monday/Tuesday, but I haven’t gotten a response back from 
unblock.requ...@cox.net.  Thank you in advance 
for the help.



Thanks,

Michael

Michael E. Weisel
CTO / Deliverability Lead
Gold Lasso
(301) 990-9857 Corporate
(240) 813-0174 Direct Dial

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SPF: Does include: a host without TXT entry, invalidate the whole SPF entry?

2023-06-09 Thread Jaroslaw Rafa via mailop 
Dnia  9.06.2023 o godz. 12:29:46 Joel M Snyder via mailop pisze:
> If you want to spend an amusing few moments, try querying large
> organization's DNS records for TXT and count the number of "we had
> to put this in to verify a cert/web site/service" records that were
> added for one-time domain verification and are still in, years
> later. Sometimes there are enough that the record no longer fits in
> UDP and requires a TCP response...

It's off-topic, but doesn't Google re-verify the site periodically and thus
requires that the verification record be present all the time?

I had an impression (maybe wrong) that it does...
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SPF: Does include: a host without TXT entry, invalidate the whole SPF entry?

2023-06-09 Thread Joel M Snyder via mailop 

Alessandro Vesely  possibly may have written:

>>> If you don't care enough to publish a valid SPF record, why should
>>> we think you care whether we deliver your mail?
>>
>> The customer in question used an ESP to send marketing emails.
>> That ESP told him what host to include in his SPF record.
>>
>> Probably some years later, that ESP changed domain and that include
>> became invalid.
>
>Anyone took care to alert them about that error?

In my experience, most organizations don't have a good handle on their 
public facing DNS (or their private, but that's a different issue), and 
making changes to these records is a process that the staff find fraught 
with confusion, career-ending moments, and fear.


The lack of self-documentation in the DNS ("Why did we put that in the 
DNS and who was responsible and do we still need it?") exacerbates the 
problem.


Fixing SPF records is not a simple thing in today's Internet-connected 
organizations.  Alerting them of these errors seems to increase entropy 
rather than reduce it.  Again, in my experience.


If you want to spend an amusing few moments, try querying large 
organization's DNS records for TXT and count the number of "we had to 
put this in to verify a cert/web site/service" records that were added 
for one-time domain verification and are still in, years later. 
Sometimes there are enough that the record no longer fits in UDP and 
requires a TCP response...


% dig TXT unhcr.org

; <<>> DiG 9.10.6 <<>> TXT unhcr.org

;; ANSWER SECTION:
unhcr.org.		300	IN	TXT 
"4dPjn0bLvSs+K1Q8VUB00xdR09jgiB5+coOxz3Av9vqDDYIYHPjyKl9KLiCCeD02xwqfVw19LtQ/gcVDIjgxDw=="

unhcr.org.  300 IN  TXT "591eoor52joegqskl9ac184iqd"
unhcr.org.  300 IN  TXT "5t8fcmfgf2nc2ndqaqs2pvdfcf"
unhcr.org.  300 IN  TXT "8h8bhm0dhut6hn1l4do8fn85jh"
unhcr.org.  300 IN  TXT 
"MS=3CE9D5FA6A0EB3B64A7A7A3F8D026EF18EA80952"
unhcr.org.  300 IN  TXT "MS=ms93905490"
unhcr.org.  300 IN  TXT "dt6emv4ipvnvvmv3noolv6o777"
unhcr.org.  300 IN  TXT "gimrcjfu91s3qfhkri8g0k58r6"
unhcr.org.		300	IN	TXT 
"google-site-verification=MLsLR2HAZQ9BMHTaAGabN7Y62_qNhrHX4F3N632MIUE"
unhcr.org.		300	IN	TXT 
"google-site-verification=mH2vWa5Es_J_duT7AnEGWVofbE3N4ShF72gG2du8R9k"

unhcr.org.  300 IN  TXT "iqtn0542llv1l0pnarfakldjpn"
unhcr.org.  300 IN  TXT "p05bsp32i1jsuk7ak49t2tc2lt"
unhcr.org.  300 IN  TXT "pj3c7mlmlrije8a3o6jqsruuc3"
unhcr.org.		300	IN	TXT 
"teamviewer-sso-verification=56587a1763d8457ba2d7de6b280aeb19"

unhcr.org.  300 IN  TXT "tho1nrl5f4k0t5d2j7cqp0jgm4"
unhcr.org.		300	IN	TXT	"v=spf1 include:spf.protection.outlook.com 
include:spf1.unicc.unicc.org include:spf1.unhcr.org -all"
unhcr.org.		300	IN	TXT 
"webexdomainverification.4C675B87D61AB136E053AB06FC0A3F65=15e740df-26f8-4339-b9d8-d119e4065d24"



% dig TXT mcdonalds.com

; <<>> DiG 9.10.6 <<>> TXT mcdonalds.com
; ANSWER SECTION:

mcdonalds.com.		3600	IN	TXT 
"amazonses:24YzB2l981UTyShDCxFnkb9onqr7EICEKxuiXuT0JsE="
mcdonalds.com.		3600	IN	TXT 
"amazonses:2yrtLrBZnUnx460KXwTUxZ01Ud5ZLaiIxLObRgOROXw="
mcdonalds.com.		3600	IN	TXT 
"amazonses:w61li6pZNv7ThE859iAQ4pB3r+/V0o3raZ+l+MjGGUM="
mcdonalds.com.		3600	IN	TXT 
"bu6vtqae5ivnlcygdwdv5tlv3ouelhgc._domainkey.us.mcdonalds.com 
bu6vtqae5ivnlcygdwdv5tlv3ouelhgc.dkim.amazonses.com"
mcdonalds.com.		3600	IN	TXT 
"facebook-domain-verification=kgdg0z0q8plsrhydjn7cfc4060qs7e"

mcdonalds.com.  3600IN  TXT 
"fcr34w4ydxvjlpfd378b6gy13sp70nl7"
mcdonalds.com.		3600	IN	TXT 
"globalsign-domain-verification=sQ-XKBfUo5JDJd8xvoOg94ZQ0q4WWtarHMUXPLXva-"
mcdonalds.com.		3600	IN	TXT 
"google-site-verification=8P1qbyxjsZuEtxjuD8vE7jaw73fnw7996n0mmon34wQ"
mcdonalds.com.		3600	IN	TXT 
"google-site-verification=dWgCJy1wnoMQHUrevkULexZ6C4F67zRJRyhd2BD_0JM"
mcdonalds.com.		3600	IN	TXT 
"google-site-verification=iBg7YjcBWxqMsH0VIfkAY9LwQ9Q6HNstaznRQmt-JBo"
mcdonalds.com.		3600	IN	TXT 
"i3ercugito3yrnvxyidnkrs3ronr4jyy._domainkey.us.mcdonalds.com 
i3ercugito3yrnvxyidnkrs3ronr4jyy.dkim.amazonses.com"

mcdonalds.com.  3600IN  TXT 
"m44vwjmxlvh26mg9nf08qshrn8rzy3s3"
mcdonalds.com.		3600	IN	TXT 
"m4gcv5ds4osmwyunlxglow4zhbi2av7n._domainkey.us.mcdonalds.com 
m4gcv5ds4osmwyunlxglow4zhbi2av7n.dkim.amazonses.com"
mcdonalds.com.		3600	IN	TXT	"v=spf1 include:spf.mailjet.com 
include:_spf.q4press.com include:amazonses.com include:_spf.tivian.com ~all"



--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One   Phone: +1 520 324 0494
j...@opus1.comhttp://www.opus1.com/jms

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SPF: Does include: a host without TXT entry invalidate the whole SPF entry?

2023-06-09 Thread John R Levine via mailop 

If you don't care enough to publish a valid SPF record, why should
we think you care whether we deliver your mail?


The customer in question used an ESP to send marketing emails.
That ESP told him what host to include in his SPF record.

Probably some years later, that ESP changed domain and that include
became invalid.


Quite possibly, but I don't see why that is anyone else's problem.  As I 
said, if you want people to accept your mail, act like you want people to 
accept your mail.  If you don't have the skills to do that, get help from 
someone who does.


If people make reasonable requests for help, that is fine, but don't 
expect people to work around stuff you can and should fix.


R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SPF: Does include: a host without TXT entry invalidate the whole SPF entry?

2023-06-09 Thread Alessandro Vesely via mailop 

On Fri 09/Jun/2023 07:37:06 +0200 Benoît Panizzon via mailop wrote:


If you don't care enough to publish a valid SPF record, why should 
we think you care whether we deliver your mail?


The customer in question used an ESP to send marketing emails. 
That ESP told him what host to include in his SPF record.


Probably some years later, that ESP changed domain and that include 
became invalid.



Anyone took care to alert them about that error?

RFC 6652 provides for setting ra= and rr= tags, which are themselves flagged as 
errors by most SPF checking sites...



Best
Ale
--








___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop