From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ben Schmidt Date: Fri, 11 May 2012 13:20:33 +0000 Subject: Re: [mlmmj] mlmmj and spf Message-Id: <4FAD1221.6080103@yahoo.com.au> List-Id: References: <4FACFAE7.60904@borm.org> In-Reply-To: <4FACFAE7.60904@borm.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: mlmmj@mlmmj.org I second what Christian says. It sounds like the SPF checking is broken. It should be against the envelope-from. Checking against the "From:" header is wrong and bad for a number of reasons. If they want to validate the "From:" and/or other headers, they should use DKIM. It will actually be effective and more efficient for validating headers. I think it's pretty unlikely I would accept a change to Mlmmj to work around a buggy SPF implementation. Cheers, Ben. On 11/05/12 10:43 PM, Christian Laursen wrote: > On 05/11/12 13:41, theo borm wrote: > > >> We operate a small, closed, moderated mailing list that recently stopped >> working for a large part of its subscribers. The organization of which >> these subscribers are a member maintains an SPF record which denies >> access to all servers except a named few, which seems to be the cause of >> these problems. > > It sounds like their SPF implementation is broken. > >> As a work-around I set mlmmj to use a different from address in the >> "From:" header. This solution is, however, plainly bad as it removes the >> original sender from the headers. I have seen other lists use "Sender:" >> header, but results are a mixed bag. With strict SPF checking of the >> "From:" header in place these mails also don't pass. > > SPF checking should be done on the enevelope FROM address, not the From: header > contained inside the mail. > > When mlmmj send out mails to the list subscribers the envelope from looks > something like this: > listname+bounces-XXXX-recipient=example.com@listowner.tld > > So the SPF checking is done against the domain that the list is running on. > > The correct cause of action would be to get the organization with broken SPF > checking to fix that. >