From: theo borm <theo_mlmmj@borm.org>
To: mlmmj@mlmmj.org
Subject: Re: [mlmmj] mlmmj and spf
Date: Fri, 11 May 2012 13:55:55 +0000 [thread overview]
Message-ID: <4FAD1A6B.5010806@borm.org> (raw)
In-Reply-To: <4FACFAE7.60904@borm.org>
[-- Attachment #1: Type: text/plain, Size: 2216 bytes --]
Hi Christian,
Thanks for the answer.
On 05/11/2012 02:43 PM, Christian Laursen wrote:
> On 05/11/12 13:41, theo borm wrote:
> >
>> We operate a small, closed, moderated mailing list that recently stopped
>> working for a large part of its subscribers. The organization of which
>> these subscribers are a member maintains an SPF record which denies
>> access to all servers except a named few, which seems to be the cause of
>> these problems.
>
> It sounds like their SPF implementation is broken.
microsoft?
>
>> As a work-around I set mlmmj to use a different from address in the
>> "From:" header. This solution is, however, plainly bad as it removes the
>> original sender from the headers. I have seen other lists use "Sender:"
>> header, but results are a mixed bag. With strict SPF checking of the
>> "From:" header in place these mails also don't pass.
>
> SPF checking should be done on the enevelope FROM address, not the
> From: header contained inside the mail.
http://www.openspf.org/SPF_vs_Sender_ID summarizes this nicely:
<quote>
How will /Sender ID/ implementations violating the /SPF/ specification
affect me?
If you have published an |v=spf1| policy to protect the use of your
domain in the MAIL FROM and HELO addresses, /Sender ID/ implementations
that apply your policy to /PRA/ (per RFC 4406) will reject your mail if
you use your domain in the "|From|" (or generally /PRA/) header field
while sending from (MAIL FROM) another system.
</quote>
organization has an |v=spf1| policy in place. Mail is outsourced to
microsoft, which uses sender ID.
It's the receiving server which has to implement spf/sender-ID, so
delivery is erratic to say the least.
>
> When mlmmj send out mails to the list subscribers the envelope from
> looks something like this:
> listname+bounces-XXXX-recipient=example.com@listowner.tld
listowner.tld doesn't have an spf record.
this is not the problem. problem is the "From" field/
>
> So the SPF checking is done against the domain that the list is
> running on.
>
> The correct cause of action would be to get the organization with
> broken SPF checking to fix that.
>
I (and others) have told them a few times to no avail.
regards, Theo
[-- Attachment #2: Type: text/html, Size: 3391 bytes --]
next prev parent reply other threads:[~2012-05-11 13:55 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-11 11:41 [mlmmj] mlmmj and spf theo borm
2012-05-11 11:54 ` Franky Van Liedekerke
2012-05-11 12:42 ` theo borm
2012-05-11 12:43 ` Christian Laursen
2012-05-11 13:20 ` Ben Schmidt
2012-05-11 13:42 ` Franky Van Liedekerke
2012-05-11 13:51 ` theo borm
2012-05-11 13:55 ` theo borm [this message]
2012-05-11 13:56 ` Franky Van Liedekerke
2012-05-11 13:57 ` theo borm
2012-05-11 14:33 ` theo borm
2012-05-11 14:50 ` Ben Schmidt
2012-05-11 14:56 ` Ben Schmidt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FAD1A6B.5010806@borm.org \
--to=theo_mlmmj@borm.org \
--cc=mlmmj@mlmmj.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox