nanog mailing list archives
Re: Mailing list SPF Failure
From: Michael Thomas <mike () mtcc com>
Date: Thu, 16 May 2024 19:27:50 -0700
On 5/16/24 7:22 PM, Scott Q. wrote:
Mike, you do realize Google/Gmail rejects e-mails with invalid/missing SPF right ?
I was receiving the mail while NANOG had no SPF record, so no? Any receiver would be really stupid take a single signal as disqualifying.
Mike
If you want to tell them they're broken...there's a few guys on the list here.On Thursday, 16/05/2024 at 19:17 Michael Thomas wrote: On 5/16/24 3:54 PM, William Herrin wrote: > On Thu, May 16, 2024 at 12:03 PM John Levine <johnl () iecc com <mailto:johnl () iecc com>> wrote: >> It appears that Michael Thomas <mike () mtcc com <mailto:mike () mtcc com>> said: >>> Since probably 99% of the mail from NANOG is through this list, it >>> hardly matters since SPF will always fail. >> Sorry, but no. A mailing list puts its own envelope return address on >> the message so with a reasonable SPF record, SPF will normally >> succeed. > Exactly. SPF acts on the -envelope- sender. That means the one > presented in the SMTP From:<> command. For mail from nanog, that's: > nanog-bounces+address () nanog org <mailto:nanog-bounces+address () nanog org>, regardless of what the sender's > header From address is. > > The message content (including the message headers) is theoretically > not used for SPF validation. In practice, some SPF validators don't > have direct access to the SMTP session so they rely on the SMTP > session placing the envelope sender in the Return-path header. Yes, and why is that needed? The mailing list resigning has the same effect and then you only need one mechanism instead of two and with DKIM you get the benefit that it's signing the 822 address which can be used for user level stuff in way that SPF is a little sus. So it makes SPF pretty irrelevant. IMO, SPF was always a stopgap since there was no guarantee that DKIM would be deployed. 20 years on, I guess I don't feel like I need to keep my trap shut about that. If a receiving site is rejecting something solely based on the lack of a SPF record but has a valid DKIM signature, the site is broken IMO. Mike
Current thread:
- Re: Mailing list SPF Failure, (continued)
- Re: Mailing list SPF Failure John Levine (May 16)
- Re: Mailing list SPF Failure William Herrin (May 16)
- Re: Mailing list SPF Failure John R. Levine (May 16)
- Re: Mailing list SPF Failure Scott Q. (May 16)
- Re: Mailing list SPF Failure John R. Levine (May 16)
- Re: Mailing list SPF Failure Michael Thomas (May 16)
- Re: Mailing list SPF Failure Tom Beecher (May 16)
- Re: Mailing list SPF Failure Tom Beecher (May 16)
- Re: Mailing list SPF Failure Michael Thomas (May 16)
- Re: Mailing list SPF Failure Scott Q. (May 16)
- Re: Mailing list SPF Failure Michael Thomas (May 16)
- Re: Mailing list SPF Failure Karl Auer (May 16)
- Re: Mailing list SPF Failure Hank Nussbacher (May 16)
- Re: Mailing list SPF Failure Karl Auer (May 17)