They should publish an SPF record for mail.modernwebsite.pl. Publishing SPF to
support HELO checks has been recommended since before RFC 4408. I'm pretty
sure that avoids the problem. You'd get an SPF pass and it would align.
Scott K
On May 26, 2019 7:00:56 PM UTC, Dilyan Palauzov
wrote:
>
On 25/05/2019 23:53, John Levine wrote:
> We've had failure reports for almost seven years and I don't ever
> recall someone getting into a mail loop so it's not a problem in
> practice.
I had at least two or three mail loops caused by failure reports sent to
some small sites (as my is) and that
Hello John,
at SMTP level the server communicates EHLO mail.modernwebsite.pl and
ENVFROM:<>. There is no TXT record for mail.modernwebsite.pl so SPF
fails and cannot align.
The email itself contains “From: mailer-dae...@modernwebsite.pl (Mail
Delivery System)” without DKIM signature. ⇒ D
On Sun, 26 May 2019, Dotzero wrote:
Deploying DMARC seems to mean any subset of these:
1a. Publish a DMARC record
1b. Publish a DMARC record with a restrictive policy
2a. Evaluate DMARC status of incoming messages
2b. Use that status to manage message disposition
3. Collect reports
4a. S
See below.
On Fri, May 24, 2019 at 2:39 PM Jim Fenton wrote:
> On 5/24/19 11:25 AM, John R Levine wrote:
> > On Fri, 24 May 2019, Jim Fenton wrote:
> >> I hope this isn't devolving into a "we can't make any changes, because
> >> it might break something" argument.
> >
> > I don't think so, but w
In article <433a2fcbcab9452d8ca4b3ac99dc5...@bayviewphysicians.com> you write:
> 2) Recover from Subject header changes that break signatures.
This idea has come up, let us say, once or twice before. If you're
trying to undo what mailing list software does and reconstruct the
signature, that is a
In article <54fb29a0-517a-430e-af5b-cb079cc3d...@aegee.org> you write:
>-=-=-=-=-=-
>
>Hello Douglas,
>
>1) Check the Authentication-Results header. An implementation could put there
>additional information as comment. A
>downstream MTA will reevaluate the DKIM-Signature anyway, if it does nkt tru
In article <115e2cd4-af67-4a8d-85ba-567ba74d3...@aegee.org> you write:
>-=-=-=-=-=-
>
>Hello Grant,
>
>it is a misconfiguration, but it still creates a mail loop for the site, that
>is not misconfigured.
>
>To what I can say the emails are accepted at SMTP time and then bounced.
>
>I not asking t
In article <20190526050958.horde.6vaaxrzkglqyej4uov0v...@webmail.aegee.org> you
write:
>Hello John,
>
>in case of modernwebsite.pl:
>
>DNS TXT _dmarc.modernwebsite.pl is "v=DMARC1; p=reject; pct=100;
>rua=mailto:postmas...@modernwebsite.pl;
>ruf=mailto:postmas...@modernwebsite.pl; aspf=s;adkim
Hello Douglas,
1) Check the Authentication-Results header. An implementation could put there
additional information as comment. A downstream MTA will reevaluate the
DKIM-Signature anyway, if it does nkt trust the previous hop. Common case:
aliases to random servers.
2) Check ARC, https://tools
Problem
DKIM verification failures are difficult to debug because the recipient
cannot detect where the problem occurred or why.
Proposed Solutions
1) Identify the point of failure
It would seem helpful to support a DKIM trace record that a device can use
to indicate that it d
11 matches
Mail list logo