Dnia 11.07.2023 o godz. 13:23:45 Grant Taylor via mailop pisze: > > I think SPF itself is relatively straightforward. > > 1) A domain owner publishes where they will send email from and > what they would like recipients to do with email that does not match > said publication. > 2) A receiving email server uses that published data to influence > their local filtering algorithms. > > IMHO DKIM is slightly more complex: > > 1) A sending server applies a cryptographic attestation of (part > of) the message that it is sending. > 2) A receiving email server uses that cryptographic attestation to > influence their local filtering algorithms. > > DMARC is more complicated yet in what it checks. > > 1) A domain owner publishes filtering criteria that they would like > applied to their domain. > 2) A receiving email server uses that published data to influence > their local filtering algorithms.
For start, I suggest to implement SPF, DKIM and DMARC only for outgoing mail, and in fact only to satisfy Google's requirement that these should be in place. Don't bother checking them on incoming mail. (It's actually how I do it). RBLs and content filtering are enough to protect from spam. I see close to zero improvement if I would check SPF and/or DMARC. Of course YMMV. > I'll wager a cup of coffee that you could even use such a hostname / > IP address to send email to one of the email oligarchs if you adhere > to their other requirements. Send, maybe yes. Having it delivered is the other way. Consider my case: FCrDNS, and not a "generic" one, SPF, DKIM and DMARC in place, domain used for a long time. Yet still Google puts messages from me to Spam folder of the recipients and there seems nothing can be done about it. They simply so strongly dislike my parent domain :(. > >+ define/clarify MTA roles > > In many ways the roles are outside of and independent of the > protocol. RFCs are defining the protocol. But we are talking about BCP here, not about a RFC that defines a protocol. I think BCP can be a proper place for clarifying the roles. > >"Good reputation" is bad wording into best practices. > > I don't agree. I believe that reputation can be quantified in some > ways and I think that quantization can be compared to others. Ergo > it's possible to determine reputation and if it's good or bad. > > In many ways "reputation" is a single word for what may be described > as "community consensus". The problem is that mentioned email oligarchs understand "reputation" as something completely untransparent and internal to their mail systems, not anything related to the community consensus. And you can't know in advance what is a "reputation" of a given domain for a given email oligarch (see my problems with Google mentioned above, which are clearly related to reputation, or rather what Google understands as reputation). -- Regards, Jaroslaw Rafa [email protected] -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
