Re: Mailing list SPF Failure

["Scott Q." <qmail () top-consulting net>]

Mike, you do realize Google/Gmail rejects e-mails with
invalid/missing SPF right ?

If you want to tell them they're broken...there's a few guys on the
list here.

On Thursday, 16/05/2024 at 19:17 Michael Thomas wrote:



On 5/16/24 3:54 PM, William Herrin wrote:
> On Thu, May 16, 2024 at 12:03 PM John Levine  wrote:
> > It appears that Michael Thomas  said:
> > > Since probably 99% of the mail from NANOG is through this list, it
> > > hardly matters since SPF will always fail.
> > Sorry, but no. A mailing list puts its own envelope return address
on
> > the message so with a reasonable SPF record, SPF will normally
> > succeed.
> Exactly. SPF acts on the -envelope- sender. That means the one
> presented in the SMTP From: command. For mail from nanog, that's:
> nanog-bounces+address () nanog org, regardless of what the sender's
> header From address is.
>
> The message content (including the message headers) is theoretically
> not used for SPF validation. In practice, some SPF validators don't
> have direct access to the SMTP session so they rely on the SMTP
> session placing the envelope sender in the Return-path header.

Yes, and why is that needed? The mailing list resigning has the same 
effect and then you only need one mechanism instead of two and with
DKIM 
you get the benefit that it's signing the 822 address which can be
used 
for user level stuff in way that SPF is a little sus. So it makes SPF 
pretty irrelevant. IMO, SPF was always a stopgap since there was no 
guarantee that DKIM would be deployed. 20 years on, I guess I don't
feel 
like I need to keep my trap shut about that.

If a receiving site is rejecting something solely based on the lack of
a 
SPF record but has a valid DKIM signature, the site is broken IMO.

Mike