Re: Testing updated SPF record
28/11/20 12:06 ನಲ್ಲಿ, Ming ಬರೆದರು: > On Sat, Nov 28, 2020 at 03:04:16AM +, ಚಿರಾಗ್ ನಟರಾಜ್ wrote: > > 28/11/20 10:33 ನಲ್ಲಿ, Ming ಬರೆದರು: > > > On Fri, Nov 27, 2020 at 01:26:06PM +, ಚಿರಾಗ್ ನಟರಾಜ್ wrote: > > > > Testing updated record :P > > > > > > > > By the way, if anyone has a better way of testing whether an SPF record > > > > is working correctly, please let me know! I don't really want to spam > > > > the list with these kinds of emails unless I have to, although I > > > > *think* this should work. > > > > > > > > 26/11/20 18:14 ನಲ್ಲಿ, ಚಿರಾಗ್ ನಟರಾಜ್ ಬರೆದರು: > > > > > Please ignore. I'm trying to see whether I get tons of DMARC reports > > > > > after I updated my SPF record on my domain. > > > > > > You can use some free online tools, like: > > > http://www.mail-tester.com/ > > > https://dkimvalidator.com/ > > > > > > They all include detection of SPF records. > > > > Yes, I can see what the records are using a variety of methods (including > > those sites). However, it's hard for me to tell if sending emails to this > > list will trigger DMARC records due to SPF, and those sites don't help with > > that. Regardless, I *think* this should be fixed after editing my SPF > > record. > > In fact, I think the DMARC problem is unsolvable. > > I am running a mail server of my own. In the DMARC report I received, > all the detections of SPF records form the mail forwarded through > mailing list were fail (some dkim records also fail, like > lists.claws-mail.org, it will modify your email subject). > > This is an obvious problem. As a forwarder, the mailing list is > "pretending" to be us sending emails (The From field in the mail forwarded > through the mailing list is still us). Add ip address of the > mailing list to your SPF record may solve the problem, but I don’t think > you can add the ip addresses of all mailing lists. Unless you can > guarantee that you will not join new mailing lists, you have to modify > the SPF records frequently. I tried using include:mutt.org in my SPF record so that the mailing list's SPF would be included. I'm not sure if it worked though. > > If you just don’t want to receive tons of DMARC reports, I don’t think > you should set the rua item in your DMARC records. "rua" is used for > aggregate feedback, even if your spf and dkim are both pass in auth > results, they will still send a DMARC reports to you(at least for gmail). Ahhh, I misunderstood how the DMARC record works. I want to get aggregate reports to see when things fail (since very few servers actually send out forensic reports right now), so I'll have to leave rua on and just deal with the DMARC reports. Since there's no way to quell the aggregate reports (since, as you said, they send them out regardless), I'll leave those on to make sure my email is passing and then probably disable the rua parameter. This is the first time I'm extensively using my custom domain in the "Real World"™, so I want to be sure everything works as expected. Thanks for the clarification! Sincerely, Chiraag -- ಚಿರಾಗ್ ನಟರಾಜ್ Pronouns: he/him/his publickey - mailinglist@chiraag.me - b0c8d720.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Testing updated SPF record
On Sat, Nov 28, 2020 at 03:04:16AM +, ಚಿರಾಗ್ ನಟರಾಜ್ wrote: > 28/11/20 10:33 ನಲ್ಲಿ, Ming ಬರೆದರು: > > On Fri, Nov 27, 2020 at 01:26:06PM +, ಚಿರಾಗ್ ನಟರಾಜ್ wrote: > > > Testing updated record :P > > > > > > By the way, if anyone has a better way of testing whether an SPF record > > > is working correctly, please let me know! I don't really want to spam the > > > list with these kinds of emails unless I have to, although I *think* this > > > should work. > > > > > > 26/11/20 18:14 ನಲ್ಲಿ, ಚಿರಾಗ್ ನಟರಾಜ್ ಬರೆದರು: > > > > Please ignore. I'm trying to see whether I get tons of DMARC reports > > > > after I updated my SPF record on my domain. > > > > You can use some free online tools, like: > > http://www.mail-tester.com/ > > https://dkimvalidator.com/ > > > > They all include detection of SPF records. > > Yes, I can see what the records are using a variety of methods (including > those sites). However, it's hard for me to tell if sending emails to this > list will trigger DMARC records due to SPF, and those sites don't help with > that. Regardless, I *think* this should be fixed after editing my SPF record. In fact, I think the DMARC problem is unsolvable. I am running a mail server of my own. In the DMARC report I received, all the detections of SPF records form the mail forwarded through mailing list were fail (some dkim records also fail, like lists.claws-mail.org, it will modify your email subject). This is an obvious problem. As a forwarder, the mailing list is "pretending" to be us sending emails (The From field in the mail forwarded through the mailing list is still us). Add ip address of the mailing list to your SPF record may solve the problem, but I don’t think you can add the ip addresses of all mailing lists. Unless you can guarantee that you will not join new mailing lists, you have to modify the SPF records frequently. If you just don’t want to receive tons of DMARC reports, I don’t think you should set the rua item in your DMARC records. "rua" is used for aggregate feedback, even if your spf and dkim are both pass in auth results, they will still send a DMARC reports to you(at least for gmail). -- OpenPGP fingerprint: 3C47 5977 4819 267E DD64 C7E4 6332 5675 A739 C74E signature.asc Description: PGP signature
Re: Testing updated SPF record
28/11/20 10:33 ನಲ್ಲಿ, Ming ಬರೆದರು: > On Fri, Nov 27, 2020 at 01:26:06PM +, ಚಿರಾಗ್ ನಟರಾಜ್ wrote: > > Testing updated record :P > > > > By the way, if anyone has a better way of testing whether an SPF record is > > working correctly, please let me know! I don't really want to spam the list > > with these kinds of emails unless I have to, although I *think* this should > > work. > > > > 26/11/20 18:14 ನಲ್ಲಿ, ಚಿರಾಗ್ ನಟರಾಜ್ ಬರೆದರು: > > > Please ignore. I'm trying to see whether I get tons of DMARC reports > > > after I updated my SPF record on my domain. > > You can use some free online tools, like: > http://www.mail-tester.com/ > https://dkimvalidator.com/ > > They all include detection of SPF records. Yes, I can see what the records are using a variety of methods (including those sites). However, it's hard for me to tell if sending emails to this list will trigger DMARC records due to SPF, and those sites don't help with that. Regardless, I *think* this should be fixed after editing my SPF record. - Chiraag -- ಚಿರಾಗ್ ನಟರಾಜ್ Pronouns: he/him/his publickey - mailinglist@chiraag.me - b0c8d720.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Testing updated SPF record
On Fri, Nov 27, 2020 at 01:26:06PM +, ಚಿರಾಗ್ ನಟರಾಜ್ wrote: > Testing updated record :P > > By the way, if anyone has a better way of testing whether an SPF record is > working correctly, please let me know! I don't really want to spam the list > with these kinds of emails unless I have to, although I *think* this should > work. > > 26/11/20 18:14 ನಲ್ಲಿ, ಚಿರಾಗ್ ನಟರಾಜ್ ಬರೆದರು: > > Please ignore. I'm trying to see whether I get tons of DMARC reports after > > I updated my SPF record on my domain. You can use some free online tools, like: http://www.mail-tester.com/ https://dkimvalidator.com/ They all include detection of SPF records. -- OpenPGP fingerprint: 3C47 5977 4819 267E DD64 C7E4 6332 5675 A739 C74E signature.asc Description: PGP signature
Re: Testing updated SPF record
Testing updated record :P By the way, if anyone has a better way of testing whether an SPF record is working correctly, please let me know! I don't really want to spam the list with these kinds of emails unless I have to, although I *think* this should work. 26/11/20 18:14 ನಲ್ಲಿ, ಚಿರಾಗ್ ನಟರಾಜ್ ಬರೆದರು: > Please ignore. I'm trying to see whether I get tons of DMARC reports after I > updated my SPF record on my domain. publickey - mailinglist@chiraag.me - b0c8d720.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
