+1 to Laura's statement about macros - and I just wanted to add that there is also an open source solution on GitHub that allows for self-hosted SPF macros as well.

https://github.com/smck83/expurgate


On 1/11/2023 9:00 AM, Laura Atkins via mailop wrote:
>
> On 11 Jan 2023, at 13:08, Simon Burke via mailop <[email protected]> wrote:
>
>> All,
>>
>> This is an odd scenario, but sadly one I find myself in.
>>
>> Work is a large organisation, and currently does not have an SPF record. The reason is that there are a large (and unknown) number of internal and external parties that send mail on our domain, as well as sub-domains.
>
> Most bulk services use either a custom subdomain in the customer’s domain space for the 5321.from or their own string in the 5321.from. This is primarily to deal with bounces - as anything that fails to deliver should go back to the sending service, not to the original sender. A lot of places (SES, Mailchimp, Constant Contact) use their own 5321.from addresses by default and there’s no need to add the include: record at all. If your user base is using a custom 5321.from you’re going to need to set up DNS records for those (CNAMEs are common).
>
> Do you have a lot of users with 1 to 1 email through external relays?
>
>> So, even if we do determine who sends email on the domain, we would then have an issue with max lookups and record length.
>
> I find, generally, this happens but in most cases it doesn’t have to. Despite what a lot of people think, they don’t need to add an include for every service they’re using in the SPF record for their organizational domain.
>
>> I know we can use an SPF flattening service. However, that either has a cost, or, although we can develop something in house, there's a 'bought not built' ethos being pushed by management.
>
> Sparkpost uses macros, would that be possible?
>
>> As an out-of-the-box idea, what would the potential impact be of having an SPF record stating just:
>>
>> "v=spf1 a mx +all"
>>
>> How bad an idea would this be, if we also had a DMARC record set to either quarantine or reject?
>
> Anecdotally, that would be a bad idea. What I’ve heard is that this is actually something done for botnet sending and is treated as a bad reputation indicator. I don’t ever recommend this.
>
> laura
>
> --
> The Delivery Experts
>
> Laura Atkins
> Word to the Wise
> [email protected]
>
> Email Delivery Blog: http://wordtothewise.com/blog
>
> _______________________________________________
> mailop mailing list
> [email protected]
> https://list.mailop.org/listinfo/mailop

Attachment: OpenPGP_0xE37A23C4D04F0409.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

